In addition to that, our users tend to pick a password and add a number to the end. When it expires, they reuse the password and just pick a different number ("passwd2" goes to "passwd3", and so on). On our system, that fails because there is not a significant difference between passwords. This is good, but WinSCP does not communicate why that fails, it just goes back to the "Password" prompt. Only after the user presses Cancel will it display that the new password must be different by 3 or more characters. I'm hoping this is a message that could also be displayed in the text box in the top of the password window. This could help remove the ambiguity of password expiration for my users.
Thanks for such a great product.
University of Wyoming