Users can change some or all of their passwords using the Hitachi ID Password Manager web portal. The password policy is clearly explained on-screen and enforced interactively.

Using an interactive web page to change passwords has educational benefits but requires user awareness and cooperation.

Process

Password change and/or synchronization from a web browser works as follows:

  1. User: decides to change his password(s) or has been prompted to by e-mail or a "web pop-up" during the login process.

  2. User: manually or automatically opens a web browser, navigates through the Intranet to the Password Manager application.

  3. Password Manager: authenticate the user, typically with a current password.

  4. Password Manager: prompts the user to enter a new password.

  5. User: types a new password, selects some or all accounts.

  6. Password Manager: validates password quality, possibly returns the user to previous step.

  7. Password Manager: resets the password on selected systems to the new value.

  8. Password Manager: displays a status page to the user.

  9. Password Manager: creates a ticket on an incident management system.

  10. Password Manager: sends the user a confirmation e-mail.

User Notification

Users do not normally volunteer to change their own passwords. A process for reminding users to periodically change their passwords is described here.

Watch a Movie

Reminder to change passwords


Reminder to change passwords
Play movie

Content:

  • A user is reminded, via e-mail, to change passwords.

Key concepts:

  • Users never volunteer to change passwords.
  • Mobile users are not reminded to change passwords by Windows, so an e-mail helps them avoid lockouts.
  • An interactive web UI can educate users about password policy and in-scope systems, so is often preferable to the Windows "Ctrl-Alt-Del" UI.