Making the Most of NetIQ Password Policy Change Messages

In addition to its many fine and wonderful features pertaining to identity management, NetIQ offers within its eDirectory product the ability to define and assign multiple password policies. These policies can be configured in a variety of ways to offer companies and users strategic options regarding password security and management. However, one of the less often used features in these policies is the “Password Change Message”, which allows additional details and information to be displayed to end-users when they attempt to change their password.

Why is this important or handy, you may ask? Well, it can be as handy as you need or want it to be.

As the name might suggest, administrators could display any number of messages to end-users using this option of the password policy. Let’s say that your organization had agreed to implement new policy changes that would impact the current password policies. Maybe additional requirements are going to be added to the current policy or perhaps some requirements will be removed. Administrators could use the Password Change Message field to provide reminders or notices to end-users who may not otherwise keep up with the typical mass mailouts that are commonly distributed electronically in many organizations today.

Similarly, this message could also serve as additional notification to end-users about upcoming outages that may impact password services. It could even provide post-outage updates that help users understand changes affecting their ability to manage passwords, or other effects that the outage may have on those processes. This helps reduce calls to your organization’s help desk from end-users who didn’t understand the change and how it affected them.

Of course, the Password Change Message is also an ideal spot for applying any organization-wide disclaimers or notices to end-users about security practices, common password errors, password synchronization times, etc. The field could be used to post general announcements and procedures to end-users as an extension of any training, documentation, or communications that are provided to the end-users when it comes to password management or account security.

This field can also be used to help overcome bugs or limitations in software. For example, NetIQ’s Self-Service Password Reset, or SSPR, has what I call a bug in version where it does not display the password policy’s maximum length parameter. The interface will show the end-user pretty much everything else related to the password policy except the new password’s max length. Older versions of SSPR showed that data, so there is an expectation that the new versions would too. But in that specific release version, it did not show the policy’s max length setting. To get around that, we simply put the max length details in the Password Change Message on the password policy itself. Having that data in that field allowed SSPR to display the information once again.