Airlock IAM supports two types of password change self-service:
Voluntary password change | The user chooses to change the password and enters the old and the new password. Airlock IAM provides |
Mandatory password change | The user is forced to change the password during the login process. The login process fails if the password cannot be changed. Password change is enforced when:
Since the mandatory password change is part of the login process, entering the existing password is optional (depending on configuration). |
The voluntary password change self-service may be used after the existing password has been stolen or revealed to unauthorized persons.
It is therefore good practice to log out all persistently logged-in browsers and devices (OAuth, remember-me features). This can be done by configuring the corresponding steps to run after the new password is set.
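
The reason for this recommendation, shown as an added example (a generic in-memory model, not Airlock IAM code or configuration): persistent login tokens are validated independently of the password, so they remain usable after a password change unless they are revoked explicitly. All names (`AccountStore`, `change_password`, `revoke_persistent`, the users and token kinds) are hypothetical and the data is constructed.

```python
import hashlib
import hmac
import secrets


class AccountStore:
    """Constructed model of a credential store with persistent login tokens."""

    def __init__(self):
        self._pw = {}      # user -> (salt, password hash)
        self._tokens = {}  # sha256(token) -> (user, kind)

    @staticmethod
    def _hash_pw(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, user, password):
        salt = secrets.token_bytes(16)
        self._pw[user] = (salt, self._hash_pw(password, salt))

    def check_password(self, user, password):
        salt, expected = self._pw[user]
        return hmac.compare_digest(expected, self._hash_pw(password, salt))

    def issue_token(self, user, kind):
        # kind is e.g. "remember-me" or "oauth-refresh"; only the hash is stored
        token = secrets.token_urlsafe(32)
        self._tokens[hashlib.sha256(token.encode()).hexdigest()] = (user, kind)
        return token

    def token_valid(self, user, token):
        entry = self._tokens.get(hashlib.sha256(token.encode()).hexdigest())
        return entry is not None and entry[0] == user

    def change_password(self, user, old, new, revoke_persistent=True):
        if not self.check_password(user, old):
            return False  # nothing changes on a failed attempt
        self.set_password(user, new)
        if revoke_persistent:
            # Drop every persistent token of this user; other users are untouched
            self._tokens = {h: e for h, e in self._tokens.items() if e[0] != user}
        return True


def demo(revoke):
    """Return validity of (alice remember-me, alice refresh, bob remember-me)."""
    store = AccountStore()
    store.set_password("alice", "old-secret")
    store.set_password("bob", "bobs-secret")
    remember = store.issue_token("alice", "remember-me")
    refresh = store.issue_token("alice", "oauth-refresh")
    bobs = store.issue_token("bob", "remember-me")
    store.change_password("alice", "old-secret", "new-secret", revoke_persistent=revoke)
    return (store.token_valid("alice", remember),
            store.token_valid("alice", refresh),
            store.token_valid("bob", bobs))
```

With `revoke=False`, both of alice's tokens still authenticate after the password change; with `revoke=True`, only bob's token survives.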