Users forgetting their passwords is a time honored tradition dating back to the simultaneous invention of the user and the password. Just as Alexander Graham Bell’s first words were “Mr. Watson — come here — I want to see you”, the first user’s first words were “what is my password again?”
So we give them a self service password reset solution like Password Center that allows them to authenticate with questions where they know the answers (mother’s maiden name, location of buried treasure, things like that) and change their own password. Without bothering the already overworked help desk.
I love solutions like that. Put the onus on the guy who forgot the password. But let’s help them out a bit more than that. Let’s treat the symptom before it festers. How many of your users ignore the little tiny warning that windows gives that their password is going to expire? How many even are aware that passwords do expire?
How about if you send an email to any users every day in the week prior to their password expiring? You know, get to them BEFORE they call the help desk.
You know two things from Active Directory, the date the password was last set and the domain policy on how often passwords must be changed. A simple calculation will tell you everyone whose password is about to expire; well, it’s not exactly a “simple” calculation since the pwdLastSet attribute is stored in Active Directory as Integer8. But you get the point, do the calculation.
Of course, Imanami has an easier way as part of GroupID Automate. It’s called the Password Expiry Group. We handle that calculation and dynamically place all users who meet the “password expiring in X days” criterion into a distribution group.
We then send an email (based on an editable template) to those users with instructions on how to change their password. Once they change their password, they no longer meet the criterion to be in the group and, presto, they no longer get the email.
If they continue to ignore these warnings, they can just reset their password with the self service password reset solution, GroupID Password Center.
At least you as the conscientious IT professional did all you could to help them help themselves. Give it a try, the free 30 day trial of Automate and Password Center are all you need to show you how easily this will work for you.
Jonathan Blackwell
View ProfileSince 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.