Hitachi ID Password Manager can remind users to change their passwords, either using a native password change dialog or via the Password Manager web portal. Warnings are normally sent to users before their password actually expires on AD, LDAP or other systems. These invitations can be sent via e-mail or launched in a web browser when users sign into their PCs. Users can even be forced to change passwords by launching a kiosk-mode web browser when the user signs into their PC.
Password change reminders are normally only sent at the start of users' work day and work week, to discourage users from changing passwords right before leaving work and subsequently forgetting the new password.
To enforce password expiration and to get users to trigger web-based password synchronization, Password Manager is configured to detect upcoming password expiration on individual systems (e.g., Windows, AD, LDAP, etc.) or based on the last time a user changed his passwords using Password Manager and to remind users to change their passwords using the Password Manager web UI.
Password expiration is normally configured so that users change their passwords with Password Manager web portal on a shorter expiry interval than the native password expiry on any system. This way, Password Manager prompts users to change passwords before any other system does and users are never prompted to change expired passwords by other systems or applications.
Early notification of upcoming password expiration is a viable alternative to transparent password synchronization, especially in cases where it is impossible to trigger synchronization from the primary login system that users most often use.
Users can be notified of upcoming password expiration by e-mail. Alternately, a small client program can be triggered at user login time, which checks whether the user currently logging in is on the list of "soon to expire" users and -- if so -- opens the user's default web browser to a URL that prompts the user to change his passwords.
The same small program can be used to make the password change mandatory, by opening a kiosk-mode web browser to the password change web portal and requiring the user to change passwords before they can close this browser and access their desktop.