Environment
Situation
Question
Can SecureLogin force password aging? I want to enforce a 28 day expiry on an application that is unable to do so natively.
Resolution
Answer
Yes. SecureLogin can force password expiry on applications that are unable to do so natively by keeping track of time using the ?CurrTime(System) variable. This effectively increases the security of applications that otherwise would not have this functionality and assists organizations in meeting auditing requirements.
The following application definition shows an application setting and checking the number of days since the password was last changed. In this example, a message box is displayed to the user and SecureLogin clicks the Change Password button that appears on the logon prompt if 28 days have elapsed.
The user typically doesn’t have the option to click this button because SecureLogin signs on for the user by clicking OK. If 28 days have elapsed, SecureLogin clicks the "Change Password" button (instead of the OK button to log on) to start the Change Password process. The password can optionally be randomized and can be forced to use a strong password policy, as desired.
#===============#
# Logon Prompt #
#===============#
Dialog
Title "Login"
Class "#32770"
EndDialog
#============================================#
# Set variable to record and check the time #
#============================================#
If -Exists $PwdChange
Else
Set $PwdChange ?CurrTime(System)
EndIf
#============================================#
# Calculate whether a password change is due #
#============================================#
Subtract ?CurrTime(System) $PwdChange ?PwdChangeDue
#===================================================#
# Type in the information but don’t click logon yet #
#===================================================#
SetPrompt "Username:"
Type $Username #1001
SetPrompt "Domain:"
Type $Domain #1002
SetPrompt "Password:"
Type $Password #1003
#=============================================================================#
# If 28 days have elapsed, ask the user if they want to change their password #
# time in seconds 2419200 = 28 Days #
# Click Change Password button (instead of OK button if 28 days have elapsed) #
# #1 = OK Button to Logon #2 = Change Password button #
#=============================================================================#
If ?PwdChangeDue Gt 2419200
MessageBox "It has been 28 days since you were asked to change your Password. For security reasons, you must change your password regularly. It will be remembered by SecureLogin and automatically entered in future."
Click #2
Else
Click #1
EndIf
SetPrompt "Please enter your credentials to logon to the HR application."
#========================#
# Change Password Prompt #
#========================#
Dialog
Title "Change Password"
Class "#32770"
EndDialog
Type $Password #1004
ChangePassword ?NewPwd "Please enter a new password."
Type ?NewPwd #1005
Type ?NewPwd #1006
Click #1
#=============================#
# Change Password Successful #
# Save the new password #
# Reset 28 Day counter #
#=============================#
Dialog
Title "Change Password Successful"
Class "#32770"
EndDialog
Set $Password ?NewPwd
Set $PwdChange ?CurrTime(System)
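
The answer above notes that the new password can optionally be randomized and held to a strong password policy. The following variant of the Change Password sections is an added example, not part of the original definition. It uses the RestrictVariable command and the Random option of ChangePassword. The policy name HRAppPwdPolicy is a hypothetical placeholder for a password policy already defined in SecureLogin, and the control IDs are the ones used in the definition above.

```text
#==================================================================#
# Added example: policy-restricted, randomized password change      #
# HRAppPwdPolicy is a hypothetical, pre-defined password policy      #
# Place RestrictVariable at the top of the application definition   #
#==================================================================#
RestrictVariable ?NewPwd HRAppPwdPolicy

#========================#
# Change Password Prompt #
#========================#
Dialog
Title "Change Password"
Class "#32770"
EndDialog
# Old password goes into the first field
Type $Password #1004
# Generate the new password instead of prompting the user;
# the generated value must satisfy HRAppPwdPolicy
ChangePassword ?NewPwd Random
Type ?NewPwd #1005
Type ?NewPwd #1006
Click #1

#=================================================#
# Change Password Successful                      #
# Store the new password and reset the counter    #
# only after the application confirms the change  #
#=================================================#
Dialog
Title "Change Password Successful"
Class "#32770"
EndDialog
Set $Password ?NewPwd
Set $PwdChange ?CurrTime(System)
```

With the Random option the user never sees the new password, so the credential is usable only through SecureLogin. Because $Password and $PwdChange are written only in the success dialog, a change rejected by the application leaves the stored password and the 28-day timer untouched.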