DDMSPLUS Ideas Portal
It's understood that security protocols are meant to help protect users, but can we also agree that we need to make it easy for customers to use the platform?
We would like to propose a never expires and a cannot change password option under the strong password implementation. Case use would be for "browse only" user accounts or generic accounts that are shared.
Browse only users may not use the checkout option of the platform, and they are not logging in every day. Some are logging in every 3-6 months. The thought of them having to reset their password every time they log in would be a hassle.
Shared generic user accounts are set up per the customer's request to allow a department or a select group of employees to shop through the platform. They do not want us to provide a unique user account for each shopper, nor do they want an approval chain.
They require one user account to share. Forcing them to update their password regularly would place an unnecessary burden on them to update everyone that uses that one account.
Use Case: Incoming teachers are provided a classroom allowance. Each new teacher uses the generic account to purchase classroom supplies for that year. The school district provides the username, password, and a PO for a specific dollar amount. This account is activated before the start of every school year and inactivated at the district's request. After this initial purchase, teachers must go through proper channels for any other procurement.
The alternative would be to enforce this policy on a per-user account basis.
