Password management
IdentifyMe offers two distinctive password features:
- Change password: users need to enter their current passwords to change their passwords.
- Reset password: available from version 5.14. Users can reset their passwords without entering their current ones. This feature needs extra configuration and security considerations.
Change password feature
To use the change password feature, you need to have a license file that covers the two IdentifyMe and IdentifyMe reset password features.
After that, you need to go to Safewhere Admin > Settings > System and enable the Users can reset their passwords option.
Try to log in to IdentifyMe and you can see the Change password feature appear on the homepage:
You can also access it from the menu:
The Change password page has a number of usability enhancements:
- Show/hide password (the "eye" feature): Clicking on the eye next to a password field reveals the entered password:
Password strength meter: We use the password strength meter library to measure strength of passwords. There are 4 levels of password strength:
- A password that is rated as Weak or Medium is not secure enough. The Save button is disabled.
- A password that is rated as Strong or Very Strong is considered good enough. IdentifyMe proceeds to check if the Confirm new password matches with the New password, and if the new password contains all required characters that are mandated by the Password policy regular expression.
Reset password feature
To enable the reset password, you need to take the steps to enable the Change password feature first. After that, you need to do the following steps:
You can create a free claim whose claim type is urn:can:resetpassword.
When a logged-in user has the urn:can:resetpassword claim and its value is true, the Reset password feature will show up. Please note that setting the claim value like in the screenshot below is for demonstration purpose only. In reality, you should use a claims transformation that can issue the claim conditionally, for example, when users log in to IdentifyMe by using an Identity Provider that can provide a high level of assurance such as NemID or MitID.
- IdentifyMe Homepage.
- Reset Password page.
Users need to enter all the required fields to reset their passwords.
Click the Save button to finish resetting: