
Originally Posted by
DrByte
2 Questions:
1. But ... why do they need to know "when they last changed it"?
2. You said "must be changed within 90 days". But, that's not correct. The system will auto-prompt them to set new password after 90 days is up. It won't suddenly "lock them out because they forgot to change it in time".
The sites where I've seen this mod installed make the admin home screen seem like there will be sudden doom if they don't pay careful attention to changing their password "in the nick of time". But that's the wrong concept. Passwords are tough enough to manage without creating alarm and fear of getting locked out because they weren't watching the calendar.
Other than dropping PCI rules altogether, how can the system be changed so that there's no need for this plugin?