Skip to main content

Password Expiration - Hitachi ID Password Manager

Hitachi ID Password Manager can remind users to change their passwords, either transparently or with a web portal, before they expire. These invitations can be sent via e-mail or launched in a web browser when users sign into their PCs. Users can even be forced to change passwords by launching a kiosk-mode web browser at login time.

Password change notices are normally only sent at the start of users' work day and work week, to discourage users from changing passwords right before leaving work and subsequently forgetting the new password.

Process

To enforce password expiration and to get users to trigger web-based password synchronization, Password Manager is configured to detect upcoming password expiration on individual systems (e.g., Windows, AD, LDAP, etc.) or based on the last time a user changed his passwords using Password Manager and to remind users to change their passwords using the Password Manager web UI.

Password expiration is normally configured so that users change their passwords with Password Manager web portal on a shorter expiry interval than the native password expiry on any system. This way, Password Manager prompts users to change passwords before any other system does and users are never prompted to change expired passwords by other systems or applications.

Early notification of upcoming password expiration is a viable alternative to transparent password synchronization, especially in cases where it is impossible to trigger synchronization from the primary login system that users most often use.

Users can be notified of upcoming password expiration by e-mail. Alternately, a small client program can be triggered at user login time, which checks whether the user currently logging in is on the list of "soon to expire" users and -- if so -- opens the user's default web browser to a URL that asks the user to change his passwords.

The same small program can be used to make the password change mandatory, by opening a kiosk-mode web browser to the password change web portal and requiring the user to change passwords before they can close this browser and access their desktop.


Watch a Movie

Reminder to change passwords


Play movie

Content:

  • A user is reminded, via e-mail, to change passwords.

Key concepts:

  • Users never volunteer to change passwords.
  • Mobile users are not reminded to change passwords by Windows, so an e-mail helps them avoid lockouts.
  • An interactive web UI can educate users about password policy and in-scope systems, so is often preferable to the Windows "Ctrl-Alt-Del" UI.

page top page top