Password Expiration

Detect that passwords are about to expire and invite users to change them with a friendlier web user interface.

Bravura Pass can remind users to change their passwords, either using a native password change dialog or via the Bravura Pass web portal. Warnings are normally sent to users before their password actually expires on AD, LDAP or other systems. These invitations can be sent via e-mail, SMS, or launched in a web browser when users sign into their PCs. Users can even be forced to change passwords by launching a kiosk-mode web browser when the user signs into their PC.

Password change reminders are normally only sent at the start of users' work day and work week, to discourage users from changing passwords right before leaving work and subsequently forgetting the new password.

Process

To enforce password expiration and to get users to trigger web-based password synchronization, Bravura Pass is configured to detect upcoming password expiration on individual systems (e.g., Windows, AD, LDAP, etc.) or based on the last time a user changed his passwords using Bravura Pass and to remind users to change their passwords using the Bravura Pass web UI.

Password expiration is normally configured so that users change their passwords with Bravura Pass web portal on a shorter expiry interval than the native password expiry on any system. This way, Bravura Pass prompts users to change passwords before any other system does and users are never prompted to change expired passwords by other systems or applications.

Early notification of upcoming password expiration is a viable alternative to transparent password synchronization, especially in cases where it is impossible to trigger synchronization from the primary login system that users most often use.

Users are most commonly notified of upcoming password expiration by e-mail. Bravura Pass can also be configured to send users a text message (SMS) with the same notification.

Alternately, a small client program can be triggered at user login time, which checks whether the user currently logging in is on the list of "soon to expire" users and -- if so -- opens the user's default web browser to a URL that prompts the user to change his passwords.

The same small program can be used to make the password change mandatory, by opening a kiosk-mode web browser to the password change web portal and requiring the user to change passwords before they can close this browser and access their desktop.

Watch a Movie

Reminder to change passwords

hipm-pw-expired-email-thumb (1)

 

Content:

  • A user is reminded, via e-mail, to change passwords.

Key concepts:

  • Users never volunteer to change passwords.
  • Mobile users are not reminded to change passwords by Windows, so an e-mail helps them avoid lockouts.
  • An interactive web UI can educate users about password policy and in-scope systems, so is often preferable to the Windows “Ctrl-Alt-Del” UI.