Password synchronization is any process or technology that helps users to maintain a single password, subject to a single security policy, across multiple systems.
Password synchronization is an effective mechanism for addressing password management problems in medium to large organizations:
- Users with fewer passwords tend to remember them.
- Simpler password management means fewer problems and fewer help desk calls.
- Users with fewer passwords are less likely to write them down.
There are two ways to implement password synchronization:
- Transparent password synchronization, where native password changes that already take place on a common system (example: Active Directory) are automatically propagated through the password management system to other systems and applications.
- Web-based password synchronization, where users change all of their passwords at once, using a web application.
One of the core features of Hitachi ID Password Manager is password synchronization.
Password Manager implements both transparent and web-based password synchronization.
Scope of Password Synchronization
By default, users can select which of their target systems or accounts are to be included in a password update / synchronization. Users may synchronize passwords on some or all of their systems with a new password value.
Some accounts can be administratively removed from the synchronization process by moving them to a separate instance, with a shared password history database (and so password reuse is prevented).
Some users and accounts can be administratively removed from Password Manager, to take them entirely out of password management scope. This can be done by specifying individual login IDs, wild-card patterns, or group membership on target systems.