Can SecureLogin force password aging? I want to enforce a 28 day expiry on an application that is unable to do so natively.

  • 7940265
  • 19-Aug-2009
  • 17-Jan-2014

Environment

SecureLogin
SecureLogin SSO
All Versions

Situation

Question

Can SecureLogin force password aging? I want to enforce a 28 day expiry on an application that is unable to do so natively.

Resolution

Answer

Yes. SecureLogin can force password expiry on applications that are unable to do so natively by keeping track of time using the ?CurrTime(System) variable. This effectively increases the security of applications that otherwise would not have this functionality and helps organizations meet auditing requirements.

The following application definition shows an application setting and checking the number of days since the password was last changed. In this example, a message box is displayed to the user and SecureLogin clicks the Change Password button that appears on the logon prompt if 28 days have elapsed.

The user typically doesn’t have the option to click this button because SecureLogin signs on for the user by clicking OK. If 28 days have elapsed, SecureLogin clicks the "Change Password" button (instead of the OK button to log on) to start the Change Password process. The password can optionally be randomized and can be forced to use a strong password policy, as desired.



#===============#
# Logon Prompt  #
#===============#
Dialog
  Title "Login"
  Class "#32770"
EndDialog

#============================================#
# Set variable to record and check the time  #
#============================================#
If -Exists $PwdChange
Else
  Set $PwdChange ?CurrTime(System)
EndIf

#============================================#
# Calculate whether a password change is due #
#============================================#
Subtract ?CurrTime(System) $PwdChange ?PwdChangeDue

#===================================================#
# Type in the information but don’t click logon yet #
#===================================================#
SetPrompt "Username:"
Type $Username #1001
SetPrompt "Domain:"
Type $Domain #1002
SetPrompt "Password:"
Type $Password #1003

#=============================================================================#
# If 28 days have elapsed, ask the user if they want to change their password #
# time in seconds 2419200 = 28 Days                                           #
# Click Change Password button (instead of OK button if 28 days have elapsed) #
# #1 = OK Button to Logon   #2 = Change Password button                       #
#=============================================================================#
If ?PwdChangeDue Gt 2419200
  MessageBox "It has been 28 days since you were asked to change your Password. For security reasons, you must change your password regularly. It will be remembered by SecureLogin and automatically entered in future."
  Click #2
Else
  Click #1
EndIf

SetPrompt "Please enter your credentials to logon to the HR application."

#========================#
# Change Password Prompt #
#========================#
Dialog
  Title "Change Password"
  Class "#32770"
EndDialog
Type $Password #1004
ChangePassword ?NewPwd "Please enter a new password."
Type ?NewPwd #1005
Type ?NewPwd #1006
Click #1

#=============================#
# Change Password Successful  #
# Save the new password       #
# Reset 28 Day counter        #
#=============================#
Dialog
  Title "Change Password Successful"
  Class "#32770"
EndDialog
Set $Password ?NewPwd
Set $PwdChange ?CurrTime(System)
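
The expiry logic of the application definition above, modelled in Python as an added example (it is not part of the original article and is not SecureLogin code). The function names and the event timeline are constructed for illustration, and the model assumes ?CurrTime(System) yields seconds, as the 2419200-second threshold implies.

```python
# Added model of the application definition above; not SecureLogin code.
MAX_AGE = 2419200  # 28 days in seconds, the threshold used in the script


def on_logon_dialog(store, now):
    """Logon Prompt section: return the button the script clicks."""
    # If -Exists $PwdChange / Else / Set $PwdChange ?CurrTime(System)
    store.setdefault("PwdChange", now)
    # Subtract ?CurrTime(System) $PwdChange ?PwdChangeDue
    pwd_change_due = now - store["PwdChange"]
    # If ?PwdChangeDue Gt 2419200 -> Click #2, Else -> Click #1
    return "#2 Change Password" if pwd_change_due > MAX_AGE else "#1 OK"


def on_change_success_dialog(store, new_pwd, now):
    """Change Password Successful section: save password, reset the counter."""
    store["Password"] = new_pwd
    store["PwdChange"] = now


def simulate(events):
    """Replay constructed (seconds, event, new_password) tuples."""
    store, clicks = {"Password": "old"}, []
    for now, event, new_pwd in events:
        if event == "logon":
            clicks.append(on_logon_dialog(store, now))
        elif event == "change_ok":
            on_change_success_dialog(store, new_pwd, now)
    return store, clicks


DAY = 86400
# Constructed timeline, seconds measured from the first logon.
EVENTS = [
    (0, "logon", None),             # first run: counter initialised
    (28 * DAY, "logon", None),      # exactly 28 days: Gt is strict
    (28 * DAY + 1, "logon", None),  # one second later: change forced
    (29 * DAY, "logon", None),      # change never completed: still forced
    (29 * DAY + 60, "change_ok", "n3w"),
    (30 * DAY, "logon", None),      # counter was reset
]

if __name__ == "__main__":
    store, clicks = simulate(EVENTS)
    logons = [e for e in EVENTS if e[1] == "logon"]
    for (now, _, _), click in zip(logons, clicks):
        print(f"t={now:>8}s  click {click}")
```

The timeline shows that the counter resets only when the "Change Password Successful" dialog appears, so a change that is not completed is prompted again at the next logon.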