Frequently Asked Questions for Hitachi ID Password Manager Users


What is Hitachi ID Password Manager?

Password Manager is an integrated solution for managing user credentials across multiple systems and applications. Organizations depend on Password Manager to simplify the management of those credentials for users, to reduce IT support cost and to improve the security of login processes.

Password Manager includes password synchronization, self-service password reset, enterprise single sign-on, PIN resets for tokens and smart cards, enrollment of security questions and biometrics, and emergency recovery of full disk encryption keys.

Password Manager reduces the cost of password management using:

  • Password synchronization, which reduces the incidence of password problems for users
  • Self-service password reset, which empowers users to resolve their own problems rather than calling the help desk
  • Streamlined help desk password reset, to expedite resolution of password problem calls

Password Manager strengthens security by providing:

  • A powerful password policy engine.
  • Effective user authentication, especially prior to password resets.
  • Password synchronization, to help eliminate written-down passwords.
  • Delegated password reset privileges for help desk staff.
  • Accountability for all password changes.
  • Encryption of all transmitted passwords.

To find out more about Password Manager, visit http://Hitachi-ID.com/password-manager/.


How do I synchronize my passwords?

Password Manager helps users to maintain a single password across every system, as follows:

  • If transparent synchronization is deployed, whenever users change their Windows network password, all other passwords are automatically synchronized.

  • Alternatively, users can synchronize all or some of their passwords from a web browser. Users sign into a Password Manager URL with their network login ID and password, type a new password and wait a few seconds for the new password to be applied to their various accounts.

Users normally receive an e-mail confirmation after password synchronization is complete, with either method.


I forgot my password -- how do I fix it?

A user who forgets any of their passwords or triggers an intruder lockout can access Password Manager in any of the following ways:

  • From a web browser (click on Password Manager on the Intranet or Extranet web portal).
  • From their PC login screen (type help for the login ID, leave the password field blank and press Enter).
  • Using a Windows Credential Provider (adds a tile to the Windows login screen).
  • By calling the help desk phone number and dialing the menu option for a password problem (IVR).

Regardless of how the user accessed Password Manager (web, login prompt, phone), they must sign in, typically by typing their network login ID. The user will then be authenticated, typically by answering a series of security questions. Once the user has been authenticated, they can select a new password for themselves. The new password will be applied to some or all of their login IDs in the next few seconds.

The user will receive an e-mail confirmation after the password reset is complete.


Why do I need to register, and how do I do it?

In some environments, users have to enroll with Password Manager to provide data such as security questions or to attach login IDs on systems with non-standard naming conventions to their profiles.

Password Manager manages registration automatically:

  • An auto-discovery process periodically reconstructs a master list of Password Manager user profiles based on changes in the list of users on one or more authoritative systems such as Active Directory or LDAP.

  • Password Manager user profiles are tested for completeness -- a minimum set of security questions, login IDs on mandatory systems and so on.

  • Users whose profiles are incomplete may be asked to enroll additional data. Password Manager normally invites users to do this by sending e-mails to users, with instructions and an embedded URL.

  • Controls limit the total number of invitations sent to users per batch and the minimum time interval between invitations to the same user.

  • Users enroll by clicking on the URL in their invitation e-mail, signing in with their network login ID and password and filling in the blanks on one or two web forms.

This process is fully automated and unattended. It is secure, since sensitive information, such as passwords or PINs, is never transmitted over an insecure channel such as e-mail.

This process is configured to minimize load on the help desk and e-mail delivery system (maximum registration invitations per day).

This process is configured to minimize nuisance to individual users, by ensuring that reminders to enroll are not too frequent.

This process is effective and reliable, since users are reminded to enroll until they comply.
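The completeness test and the two invitation throttles described above, as an added example that is not Hitachi ID code. The thresholds, system names, field names and sample profiles are assumptions constructed for illustration; the page does not state actual values.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Assumed policy values; the FAQ names the controls but not their settings.
MIN_SECURITY_QUESTIONS = 3
MANDATORY_SYSTEMS = {"AD", "MAINFRAME"}
MAX_INVITES_PER_BATCH = 2           # cap on invitations per batch
MIN_INTERVAL = timedelta(days=7)    # minimum gap between invitations to one user

@dataclass
class Profile:
    user: str
    questions_enrolled: int = 0
    login_ids: dict = field(default_factory=dict)  # system -> login ID
    last_invited: Optional[datetime] = None

def missing_items(p):
    """Return what the profile still lacks; an empty list means complete."""
    gaps = []
    if p.questions_enrolled < MIN_SECURITY_QUESTIONS:
        gaps.append("security questions")
    for system in sorted(MANDATORY_SYSTEMS - set(p.login_ids)):
        gaps.append(f"login ID on {system}")
    return gaps

def select_invitations(profiles, now):
    """Pick the users to invite in this batch, honoring both throttles."""
    due = [p for p in profiles
           if missing_items(p)
           and (p.last_invited is None or now - p.last_invited >= MIN_INTERVAL)]
    # Never-invited users first, then those who have waited longest.
    due.sort(key=lambda p: (p.last_invited is not None, p.last_invited or now))
    batch = due[:MAX_INVITES_PER_BATCH]
    for p in batch:
        p.last_invited = now        # the invitation carries a URL, never a secret
    return [(p.user, missing_items(p)) for p in batch]

NOW = datetime(2024, 1, 15)         # constructed sample data below

def sample_profiles():
    return [
        Profile("alice", 3, {"AD": "alice", "MAINFRAME": "ALI01"}),  # complete
        Profile("bob", 0, {"AD": "bob"}),                            # never invited
        Profile("carol", 3, {"AD": "carol"}, NOW - timedelta(days=2)),
        Profile("dave", 1, {"AD": "dave", "MAINFRAME": "DAV01"}, NOW - timedelta(days=10)),
        Profile("erin", 0, {}, NOW - timedelta(days=30)),
    ]
```

Running `select_invitations` on successive days shows users being reminded until their profiles are complete, without exceeding the batch cap or re-inviting anyone inside the minimum interval.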
