Password management

Products

Password management

May 9, 2024

IdentifyMe offers two distinctive password features:

  • Change password: users need to enter their current passwords to change their passwords.
  • Reset password: available from version 5.14. Users can reset their passwords without entering their current ones. This feature needs extra configuration and security considerations.

Change password feature

To use the change password feature, you need to have a license file that covers the two IdentifyMe and IdentifyMe reset password features.

identify-license2.png

After that, you need to go to Safewhere Admin > Settings > System and enable the Users can reset their passwords option.

enable-resetpassword-feature.png

Try to log in to IdentifyMe and you can see the Change password feature appear on the homepage:

homepage-changepassword.png

You can also access it from the menu:

menu-changepassword.png

The Change password page has a number of usability enhancements:

  • Show/hide password (the "eye" feature): Clicking on the eye next to a password field reveals the entered password:

password-eyehint.png

  • Password strength meter: We use the password strength meter library to measure strength of passwords. There are 4 levels of password strength:

    • A password that is rated as Weak or Medium is not secure enough. The Save button is disabled.

    password-strength1.png

    password-strength2.png

    • A password that is rated as Strong or Very Strong is considered good enough. IdentifyMe proceeds to check if the Confirm new password matches with the New password, and if the new password contains all required characters that are mandated by the Password policy regular expression.

password-strength1.png

password-strength1.png

Reset password feature

To enable the reset password, you need to take the steps to enable the Change password feature first. After that, you need to do the following steps:

  1. You can create a free claim whose claim type is urn:can:resetpassword.

    claim-resetpassword.png

  2. When a logged-in user has the urn:can:resetpassword claim and its value is true, the Reset password feature will show up. Please note that setting the claim value like in the screenshot below is for demonstration purpose only. In reality, you should use a claims transformation that can issue the claim conditionally, for example, when users log in to IdentifyMe by using an Identity Provider that can provide a high level of assurance such as NemID or MitID.

    user-claim-resetpassword.png

    • IdentifyMe Homepage.

    homepage-resetpassword.png

    • Reset Password page.

    reset-password-page.png

  3. Users need to enter all the required fields to reset their passwords.

    input-resetpassword.png

  4. Click the Save button to finish resetting:

    resetpassword-success.png