We would like to implement password controls into our PeopleSoft system. The system is already in use and people have active accounts with passwords that will not meet the new requirements. How will this affect accounts if the password does not meet the current standard? Will their accounts be locked or will they just be asked to create a new password when they log in?
Yes we could test it in QA, however we do not want to have password controls in QA only in our production environment. The concern is that for example if the person has their password the set to same as there ID and we put password controls in to not allow this, their account could be locked and we would have to manually unlock each account and reset their password.
From the PeopleSoft Security Administration PeopleBook
Password Expired? (chapter 5)
If you are using PeopleSoft password controls, this option enables you to force
users to change their passwords in the following situations:
• The first time that a user signs in to PeopleSoft software.
• The next time that a user signs in.
• The first time that a user signs in after the system has emailed the user
a randomly generated password.
Note. To use this option, you must enable the Password Expires in ’x’ Days
PeopleSoft password control.