Problem/Motivation
The email notifications that a password is about to expire works well. But the text used in the notification is very generic. The subject line is "Your password will expire soon" and the only text in the message itself is "Your password will expire in less than [XX] days. Please visit the following link to reset your password".
We use software to help protect against spam and phishing attempts by re-writing links in emails and routing anybody that clicks on a link through a Cisco server. The URL that is displayed in the email is therefore obscured and is not meangingful.
Our staff have been trained to be aware of phishing attempts and the notification email does not contain any indication about where it is being sent from or what password they are being asked to update, so they are liable to ignore the message or mark it as spam.
Proposed resolution
Ideally there would be a section of the module admin screen that allowed people to customise the subject line and body of the email.
Failing that, a second simpler solution would be to always include the website name in the email notification message, so the subject would read, "Your [website name] website password will expire soon" and the body would read "Your [website name] website password will expire in less than [XX] days".
By website name I mean the text that is entered in the Site Name field at /admin/config/system/site-information
User interface changes
The first solution would require a chnage to the admin interface but the second would not.
Data model changes
The first solution would require the customised text to be stored but the second would not require any changes.
Thanks....