Once a user has been authenticating to the network using a biometric, card, or token device for several months, it is expected that the Windows® password, which has not been used for the same amount of time, will have been forgotten. However, this password still exists and has been used silently during network logon and application logon to AD-integrated apps ever since the user enrolled his or her authenticator within Authasas. This domain password is likely to expire every 90 days (on average), and depending on the exact workflow, the user may need to provide the current expiring password.
Authasas Advanced Authentication® will facilitate domain password retrieval during the process of a domain password change. With the click of a button, the user may use his Authasas credential to automatically populate the “current password” field. What happens next is a function of policy; the user may: 1) select a new Windows® password which conforms to the password policy enforced by group policy, or 2) have a new password automatically generated and submitted without the user’s knowledge of the new password.
Randomized domain passwords may be implemented immediately as Authasas Advanced Authentication® is deployed, or this may be a feature that is implemented at a later phase of the project. Randomized passwords will continue to follow the existing policies configured for the user, or they may be enhanced to extend the minimum password length beyond the 24-character limit currently allowed by Windows® group policy.





