How does SecureLogin handle applications with different password policies?

  • 7940269
  • 19-Aug-2009
  • 17-Jan-2014

Environment

SecureLogin
SecureLogin SSO
All Versions

Situation

Question

Some password management software (using the term loosely) such as password synchronization and password reset makes (or allows users to make) all password policies the same. How does SecureLogin handle applications with different password policies?

Resolution

Answer

Whenever you need to apply a rule that covers all systems and all situations, you have a political fight on your hands, especially if the applications are externally managed. With password synchronization, for example, all application owners must implement a common password policy (length, numerals, permitted characters, and so on) so that passwords can be synchronized on all systems.

Furthermore, all systems must be able to enforce the password policy. Many mainframes, for example, require all uppercase characters, so you can’t force numerals or mixed case on any of your other systems. Systems that require extremely complex passwords can’t be configured any differently from a system that requires a simple password. With synchronization, you are only as strong as your weakest link, while SecureLogin makes all links as strong as you like.

SecureLogin allows you to have different password policies for different systems. It is non-invasive and does not try to own your policies, but it can if you want it to. When deploying SecureLogin, the SSO administrator typically talks to all application owners to find out how THEY WANT the policy configured, and whether they want users to choose a new password or have a password randomly generated based on a secure password policy. SecureLogin then centrally controls and enforces the policies for all applications.

When an application password expires, SecureLogin can randomly generate a complex password and store it, meaning users no longer know their application passwords and cannot share them or write them down. When they leave your organization, users do not know their application passwords.

SecureLogin’s random password generation and policies, which can be centrally configured per application or for all applications, can enforce strong passwords and password expiry on systems that are unable to do so natively. Because SecureLogin remembers passwords and manages changes, many application owners change the password more often to strengthen security.
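The per-application approach described above can be sketched as follows. This is an added illustration, not SecureLogin code or configuration; the application names, alphabets, lengths and the `vault` dictionary are constructed assumptions.

```python
import secrets
import string
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    length: int
    classes: tuple  # (allowed alphabet, minimum count) pairs

    def __post_init__(self):
        # Reject policies that can never be satisfied.
        if sum(n for _, n in self.classes) > self.length:
            raise ValueError("class minimums exceed password length")

# Constructed per-application policies (names and values are assumptions).
POLICIES = {
    # Legacy host that accepts only uppercase letters, 8 characters.
    "mainframe": Policy(8, ((string.ascii_uppercase, 1),)),
    # Application whose owner wants long, mixed-class passwords.
    "hr_portal": Policy(20, ((string.ascii_lowercase, 2), (string.ascii_uppercase, 2),
                             (string.digits, 2), ("!#$%*+-=?@_", 2))),
}

def generate(policy):
    """Random password that satisfies the policy, drawn from the OS CSPRNG."""
    pool = "".join(alpha for alpha, _ in policy.classes)
    chars = [secrets.choice(alpha) for alpha, n in policy.classes for _ in range(n)]
    chars += [secrets.choice(pool) for _ in range(policy.length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # hide which positions were forced
    return "".join(chars)

def complies(password, policy):
    """Check a candidate (generated or user-chosen) against one policy."""
    pool = set("".join(alpha for alpha, _ in policy.classes))
    return (len(password) == policy.length
            and set(password) <= pool
            and all(sum(c in alpha for c in password) >= n
                    for alpha, n in policy.classes))

def rotate(vault, app):
    """On expiry: generate per the application's own policy and store it."""
    vault[app] = generate(POLICIES[app])

if __name__ == "__main__":
    vault = {}
    for app in POLICIES:
        rotate(vault, app)
        print(app, len(vault[app]), complies(vault[app], POLICIES[app]))
```

The uppercase-only host keeps its restricted alphabet without pulling the other application's policy down to the same level, which is the constraint a single synchronized password cannot avoid.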

SecureLogin provides you with the flexibility to match or improve the application policy but leaves it up to the project team to decide. SecureLogin’s flexible and customizable approach allows you to choose the best fit for your environment.