User authentication issues on WPA/WPA2 802.1X (Enterprise) through Radius NPS afte password changed

  • 1
  • Question
  • Updated 1 month ago
Hello Community, 

It seems that Aerohive has some issues with User authentication when the user has changed its password? In our Password policy, the user has to change its passwod every 3 months,.. The client doesn't pop-up for a new password? It says just a verification error.. and client needs to edit the profile manually, even sometimes needs to delete the profile, and submit username/password again... Is there something we can do on the Aerohive side to ask the client a new password(new login).. We use the settings below and a NPS server

User authentication is working very good, but it causes users locked-out.. because of this malfunction.  What can do on the aerohives to force the clients asking new passwords? maybe making an interval shorter? or decrease failed password attempts  or something.. is there anything possible to enhance this? 




Kind Regards, 


Joy, 
Photo of joy

joy

  • 21 Posts
  • 0 Reply Likes

Posted 1 month ago

  • 1
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Hi Joy,

This behaviour is determined by the supplicant on the client, it is not in Aerohive's control.

The solution to this is to either not mandate password changes like this or to switch to certificate based authentication.

The security community generally consider mandated password changes to be harmful to security: https://www.sans.org/security-awareness-training/blog/time-password-expiration-die

Regards,

Nick
(Edited)