ºÚÁϺ£½Ç91Èë¿Ú

Manage Windows Passwords

Your users can change their password at any time from their device, or they can be forced to change it when their password expires.

For users on Windows devices, they can change their password in various ways. We recommend they use the following methods in the order they’re listed:

  • From the ºÚÁϺ£½Ç91Èë¿Ú Windows App running in the system tray. For more information, see Users: Change Your Password in the Windows App.
  • Press Ctrl+Alt+Del and choose Change Password.
  • Open the log in page for the ºÚÁϺ£½Ç91Èë¿Ú User Portal and select Reset User Password.ÌýFor more information, see Change Your User Portal Password.Ìý
  • Inside the ºÚÁϺ£½Ç91Èë¿Ú User Portal, go to Security Settings.
  • Use the link inside a password expiration email. If you enable the Password expires after N days option, users receive one email a day for 7 days leading up to their password's expiration that asks them to reset their password.

Prerequisites

  • The device must be managed by ºÚÁϺ£½Ç91Èë¿Ú through the Windows agent. See Understand the Agent.
  • The Windows device must be running a supported version, see Windows Agent Compatibility.
  • ºÚÁϺ£½Ç91Èë¿Ú managed Windows users need an active internet connection to change their password.
  • Users can't be locked out of their ºÚÁϺ£½Ç91Èë¿Ú account, see about Password Statuses.
  • User accounts can't have expired passwords.

Considerations

  • If you have MFA enabled in your organization, your users will need to verify their identity using MFA before they can change their password. They can use Push MFA though the ºÚÁϺ£½Ç91Èë¿Ú Protect app, TOTP MFA through either ºÚÁϺ£½Ç91Èë¿Ú Protect or another authenticator, or use Duo. However, Duo is only available if it’s the only form of MFA available. 
  • Passwords changed locally using Ctrl+Alt+Del will update the Windows Credential Manager and the Data Protection API.
  • User accounts managed by Active Directory using AD integration won't be able to use the Windows App to reset their password.
  • A known issue exists for Windows 8, 8.1, and Server 2012: if a user is on a slow internet connection, they can click Cancel before they see the password change confirmation screen. In this case, the password change operation isn't stopped, but the user isn't notified of success or failure. This is a limitation of the previously mentioned Windows versions and can't be controlled by ºÚÁϺ£½Ç91Èë¿Ú.

ºÚÁϺ£½Ç91Èë¿Ú Windows App

The ºÚÁϺ£½Ç91Èë¿Ú Windows App is the preferred method for user password changes on Windows devices. Below is an overview of the user process. For specific user instructions, see Users: Change Your Password in the Windows App. Note that when you change your password, any active sessions (User Portal, SSO applications, etc.) will be terminated.

The user flow:

  1. In the system tray, open the ºÚÁϺ£½Ç91Èë¿Ú Windows App.
  2. To change the password, type in your previous password, followed by the new password twice for confirmation.
  3. If MFA is enabled for your ºÚÁϺ£½Ç91Èë¿Ú account, you need to authenticate your account. Depending on the types of MFA enabled by your organization, you'll see one of two options:

Note:

A cancel button displays on the logon screen while you are verifying your identity using Push MFA. Clicking this button has no effect on the push notification. 

  • TOTP: Enter a six-digit code from an authenticator app such as ºÚÁϺ£½Ç91Èë¿Ú Protect or Google Authenticator.

Note:

The Duo app is also supported, but is only used when no other form of MFA has been enabled. If you are using duo as your only form of MFA verification, you will receive a notification on your device to verify your identity. See Use Duo Security with ºÚÁϺ£½Ç91Èë¿Ú MFA

  1. The new password is instantly synchronized with any other password stores.
  2. The Windows device agent then contacts ºÚÁϺ£½Ç91Èë¿Ú's credential management services through a secure Transport Layer Security (TLS) connection.
  3. The device agent synchronizes changes from the device to ºÚÁϺ£½Ç91Èë¿Ú and all the resources ºÚÁϺ£½Ç91Èë¿Ú manages. If you're using AD Sync, the password changes sync to Active Directory® as well.

Before you begin

  • User accounts managed by Active Directory using AD integration won't be able to use the Windows App to reset their password.
  • Leverage a toolkit of emails and help articles to communicate with your end users about the Windows Password Sync feature, how to use it, and other resources you may need to provide a user-friendly experience when going live with the Windows App.
Back to Top

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case