Skip to main content
MurraySummers
MurraySummers
Inspiring
June 25, 2011
Question

Automatic password change every 6 months?

  • June 25, 2011
  • 1 reply
  • 1066 views

My client needs a routine that will reset a password automatically every 6 months.  What would be the best way to do that?  I know how to do it in a linear, brute force way and was just wondering if there might be some good alternatives to investigate....

This topic has been closed for replies.

1 reply

A
Anonymous
June 25, 2011
See if this works, it will probably need some tweeking. The only part I have not gotten my head 
around is how to reset the date so that it does not reset the password everytime
they log in after the first 6 months.

I figured to pass this along and it might give you a different way
to view it.



$date = "2011-06-25";
$newdate = strtotime ( '+6 month' , strtotime ( $date ) ) ;
$newdate = date ( 'Y-m-j' , $newdate );
 
if (isset($newdate)){

function createRandomPassword() {

    $chars = "abcdefghijkmnopqrstuvwxyz023456789";
    srand((double)microtime()*1000000);
    $i = 0;
    $pass = '' ;
    while ($i <= 7) {
        $num = rand() % 33;
        $tmp = substr($chars, $num, 1);
        $pass = $pass . $tmp;
        $i++;
    }
    return $pass;
}
// Usage
$password = createRandomPassword();
echo "Your random password is: $password";

}

Gary

MurraySummers
MurraySummersAuthor
Inspiring
June 25, 2011

Thanks, Gary - that's helpful.

The kicker is that there are lots of visitors who would use this single password.  And each time the P/W changes, I'd need to notify all of the visitors - this implies of course that it would change for all visitors at the same time.  But I thought I could maybe add this variation: each time you connect, the system checks to see if your password is stale.  If it is, it tells you what the new password is, and then replaces your old P/W with the new one.  That would eliminate the need to email the new P/W to everyone.  What do you think?

A
Anonymous
June 25, 2011

I typically have a time/date stamp column in my database which automatically logs the date the person submits their data, you could switch the start date in the scripting I posted to use the time stamp, then the script should run for everyone, just at different dates.

If you want all the passwords to change on one day then you could run the script to trigger on jan 1 and june 1, the year would not be relevent.

Gary

On edit

I was thinking of putting it on the log in page, when they have a successful log in after the 6 months date, they are allowed to log in, have the page echo the new password or have it echo that a new password has been generated and mailed to the email that is on record.

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices