Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Status Under Consideration
Workspace Domino
Categories Security
Created by Guest
Created on Jun 19, 2023

Force password change after next login checkbox

Please add a policy that forces the password to be changed at the next login.

The policy should be immediately broadcast to all connected HCL Notes clients so that in case of a security problem, everyone is forced to use a new password.

The setting must work, without prompting the user to change their password again in the next few days or months.

If someone uses another Notes client, the new password should be loaded from the ID-Vault and the users should NOT be prompted again to change their password.

  • Attach files
  • Admin
    Thomas Hampel
    Sep 28, 2023

    Notes cannot "load [the new password] from the ID-Vault" -- N/D doesn't store plaintext passwords in the ID vault; that would be hideously insecure.

    You are talking about passwords for "all ... HCL clients" ? - some of those might be SPNEGO/AD passwords, others stored in read-only LDAP directories, and some might not involve HCL products at all (Windows password for NSLv3).

    With requirements like this, you can use a centralized IDP to manage your passwords, password policies, change intervals, etc. and configure N/D to use that IdP via SAML or OIDC, and use feature functionality like NSLv3, NBA, and passkeys to remove passwords from the picture entirely whenever possible.

    Since this is possible already, the intention of this idea is already 'shipped' but the ideas as worded has not. For now I'll keep this idea open for further discussion.

  • Guest
    Jun 27, 2023

    For me it should be done by selecting the person document(s) and a new option under "Tools" -> "Person" (Admin client; right hand side) named "Force password change" or similar.

    Policies are for long-term settings.

  • Guest
    Jun 27, 2023

    Yeah, let's say, if a company has over 1000 users in the Domino Directory and all users have a password on the ID and an Internet password...

    So the IT has now made a new password policy (e.g. 12 characters, upper lower case, numbers and special characters).

    The IT management wants all users to change their passwords according to the new policy - asap! For security reasons.

    All accounts that do not change their password within a week will be blocked.

    But the Notes should only ask the user to change the password once. If a user uses multiple PCs or Citrix with multiple Notes configurations, the user will be prompted several times for a password change.

    HCL Domino also does not provide a real overview of who has changed their password and who has not.

    It's still a challenge for HCL Notes/Domino to find its way into the 20s.