Picture this: You’re an IT admin and you get a frantic message from an employee, Neil, who left his Windows computer in the back of a Lyft on a work trip in New York City. Neil is terrified his device could be compromised if his credentials are hacked (what Neil doesn’t tell you is that he’s written down his password on a Post-it Note that’s tucked in his laptop case and, against organizational security protocols, it’s a password he uses to log into several resources).
You spring into action to protect Neil’s identity and the data on his device: You’re logged into the JumpCloud Admin Console, and in under a minute and with just a few clicks you set a new temporary password for Neil, and click “Force Password Change” setting to require him to change the temporary password at the next logon to the device. Even though Neil’s old password was written on that Post-it Note, anyone who gets ahold of his laptop now won’t be able to use it to log on with Neil’s identity and access any work resources.
Situations like that imaginary one with Neil can happen to any organization, anywhere and any time. It doesn’t matter the size of your organization or the industry you’re in: IT administrators must be able to secure and manage user credentials with ease.
JumpCloud’s new Force Password Change setting can help admins quickly and efficiently protect device and resource access, and more: It expands the directory platform’s user identity management services to ensure IT teams can optimize employee onboarding, meet compliance requirements, and manage password criteria across the full end user lifecycle.
When Does Password Management Begin and End?
Often the first people a just-hired employee communicates with at a new job is an IT admin who’s responsible for setting the end user up on their work device during onboarding. This is the first time an end user needs to create one or multiple passwords to log into their work computer and resources.
Passwords are inherently more secure the fewer people who know them. During onboarding, IT will typically provide the new employee with a temporary password to use just one time to log into their work device. JumpCloud’s Force Password Change feature lets admins enforce that a new user update their one-time, pre-specified password the first time they log into the JumpCloud User Portal where they access resources like SSO applications, and upon the next time they log into their Windows or Mac device.
What about the benefits of requiring password changes for existing users?
In addition to IT teams being able to remotely protect an employee who suspects their credentials are compromised (like Neil), this feature also lets admins help users who just forget their password and need to reset it with a new one. JumpCloud also lets admins enforce end user password history so users cannot recycle the same password for up to 24 previously-used passwords.
That password aging option is found on JumpCloud’s User Security Settings page in the Admin Console, along with additional ways to manage and secure end user credentials like:
- Allowing end users to independently update an expired password at their next login without reaching out to IT for assistance, so they’re not locked out of their console or device when their password expires.
- Determining when end users’ passwords will expire to meet certain security and compliance standards.
- Enforcing organization-specific password policies like length and complexity.
JumpCloud Admins have these organization-wide settings as well as user-by-user password management to ensure they’re in control of the full end user lifecycle as an employee at an organization.
Meet Compliance by Requiring Password Changes
Another benefit of the Force Password Change setting is allowing IT teams to meet certain compliance requirements.
Some compliance standards ask organizations to control and prove end user password expiry and resets, such as:
- PCI: Users are required to change their passwords every 90 days and upon first use.
- HIPAA: Regulations recommend that a temporary password be changed on its first use, and the ability to enforce password expiration.
- CJIS: Passwords must expire within a maximum of 90 calendar days, and passwords cannot be identical to the previous 10 passwords used.
- SOX: Standard recommends that organizations follow password management best practices including changing passwords upon first use.
JumpCloud’s password settings allow IT teams to enforce best practice security postures and meet compliance for these regulations’ recommendations of first-use or first-login, password aging, and regular password resets that don’t recycle credentials.
If you’re considering JumpCloud to help meet your organization’s security and compliance standards, you can learn more about how the platform streamlines and simplifies proving and passing audits by watching this on-demand webinar.
Ready to Explore the Directory Platform?
IT admins working in the JumpCloud Directory Platform are able to easily manage end user passwords from onboarding across their full lifecycle at an organization. The ROI? A workforce that’s both better protected and more productive, thanks to IT’s behind-the-scenes password and security capabilities.
If you’re ready to explore the full JumpCloud platform for free — no credit card or payment information required — create your JumpCloud Free org today and test with 10 users and 10 devices. You’ll also have access to free premium 24×7 chat access for your first 10 days as a JumpCloud Admin, so you can maximize the beginning of your JumpCloud experience with support from platform experts.