Hitachi ID Password Manager can remind users to change their passwords, either using a native password change dialog or via the Password Manager web portal. Warnings are normally sent to users before their password actually expires on AD, LDAP or other systems. These invitations can be sent via e-mail, SMS, or launched in a web browser when users sign into their PCs. Users can even be forced to change passwords by launching a kiosk-mode web browser when the user signs into their PC.
Password change reminders are normally only sent at the start of users' work day and work week, to discourage users from changing passwords right before leaving work and subsequently forgetting the new password.
To enforce password expiration and to get users to trigger web-based password synchronization, Password Manager is configured to detect upcoming password expiration on individual systems (e.g., Windows, AD, LDAP, etc.) or based on the last time a user changed his passwords using Password Manager and to remind users to change their passwords using the Password Manager web UI.
Password expiration is normally configured so that users change their passwords with Password Manager web portal on a shorter expiry interval than the native password expiry on any system. This way, Password Manager prompts users to change passwords before any other system does and users are never prompted to change expired passwords by other systems or applications.
Early notification of upcoming password expiration is a viable alternative to transparent password synchronization, especially in cases where it is impossible to trigger synchronization from the primary login system that users most often use.
Users are most commonly notified of upcoming password expiration by e-mail. Password Manager can also be configured to send users a text message (SMS) with the same notification.
Alternately, a small client program can be triggered at user login time, which checks whether the user currently logging in is on the list of "soon to expire" users and -- if so -- opens the user's default web browser to a URL that prompts the user to change his passwords.
The same small program can be used to make the password change mandatory, by opening a kiosk-mode web browser to the password change web portal and requiring the user to change passwords before they can close this browser and access their desktop.
Watch a Movie
Reminder to change passwords
- A user is reminded, via e-mail, to change passwords.
- Users never volunteer to change passwords.
- Mobile users are not reminded to change passwords by Windows, so an e-mail helps them avoid lockouts.
- An interactive web UI can educate users about password policy and in-scope systems, so is often preferable to the Windows “Ctrl-Alt-Del” UI.