Password Expiration
P-Synch® automatically reminds users to change their passwords regularly. This facility pre-empts native password expiration on managed systems and encourages users to synchronize their passwords with a friendly, web-based user interface.
Users are prompted to change passwords either by receiving an e-mail with an embedded URL to the P-Synch server, or by responding to a web browser window that is opened during their network login script.
Process
To enforce password expiration and to get users to trigger web-based password synchronization, P-Synch is configured to detect upcoming password expiration on individual systems (e.g., Windows or NetWare servers, LDAP directories) and to prompt users to change all of their passwords at once with the P-Synch web GUI, rather than one system at a time with native password change screens.
Typically, password expiration is configured so that users change their passwords with P-Synch on a shorter schedule than any other application or system password. This way, users are never prompted to change passwords by anything other than P-Synch itself or systems that automatically trigger P-Synch transparent password synchronization.
Early notification of upcoming password expiration is a viable alternative to transparent password synchronization, especially in cases where it is impossible to trigger synchronization from the primary login system that users most often use.
Users can be notified of upcoming password expiration by e-mail. Alternatively, a small client program can be added to global network login scripts. It checks whether the user currently logging in is on the list of "soon to expire" users and, if so, opens the user's default web browser to a URL that asks the user to change their passwords with a web GUI, using P-Synch.
Users can be forced to change their passwords when they sign into the network by opening a kiosk-mode web browser to the password change screen and requiring the user to change passwords before they can close this browser.
The timing of password expiration can be calculated based on the most recent password change a user made with P-Synch, in addition to upcoming expiration on a managed system.
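The scheduling rule described above (a web-change interval shorter than every native policy, with the deadline taken from both the last web-based change and upcoming native expiration) can be sketched as follows. This is an added illustration, not P-Synch code or configuration; the system names, intervals, dates and function names are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class Account:
    system: str         # managed system name (constructed sample value)
    last_change: date   # last password change recorded on that system
    max_age_days: int   # native expiration policy on that system

def native_expiry(acct: Account) -> date:
    return acct.last_change + timedelta(days=acct.max_age_days)

def policy_conflicts(sync_max_age_days: int, accounts: list) -> list:
    """Systems whose native policy is not longer than the web-change
    interval; they would prompt the user before the reminder does."""
    return [a.system for a in accounts if a.max_age_days <= sync_max_age_days]

def change_deadline(last_sync_change: Optional[date], sync_max_age_days: int,
                    accounts: list) -> date:
    """Earliest of the web-change interval and every native expiry.
    A user with no recorded web-based change falls back to native expiry."""
    candidates = [native_expiry(a) for a in accounts]
    if last_sync_change is not None:
        candidates.append(last_sync_change + timedelta(days=sync_max_age_days))
    return min(candidates)

def soon_to_expire(today: date, deadline: date, warn_days: int) -> bool:
    """True when the user belongs on the 'soon to expire' list."""
    return today >= deadline - timedelta(days=warn_days)

# Constructed sample data: all passwords synchronized on 2024-01-10.
SYNCED = [Account("windows-domain", date(2024, 1, 10), 90),
          Account("ldap-directory", date(2024, 1, 10), 120)]
# Same user, plus one account last changed out of band on 2023-12-01.
WITH_STALE = SYNCED + [Account("legacy-host", date(2023, 12, 1), 90)]

if __name__ == "__main__":
    print(policy_conflicts(60, SYNCED))                        # no conflicts
    print(change_deadline(date(2024, 1, 10), 60, SYNCED))      # web interval wins
    print(change_deadline(date(2024, 1, 10), 60, WITH_STALE))  # native expiry wins
```

The third call shows why native expiration has to be checked in addition to the last web-based change: an account changed out of band can expire before the reminder schedule would otherwise fire.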


