Hitachi ID Systems, Inc.

Hitachi ID Password Manager Features

 
FEATURE: Password Synchronization
Description:

Hitachi ID Password Manager (formerly P-Synch) makes it easy for users to maintain just one or two passwords across all of their login accounts. Two processes support this objective:

  • Transparent Password Synchronization intercepts native password changes on key systems and automatically propagates the new password value to every other login ID, on the same or other systems, that belongs to the same user.
  • Web-based Password Synchronization allows a user to set the same password value on multiple login accounts from a web interface.

Benefit:

Users with a single password to remember have fewer password problems and tend not to write down their passwords. Password synchronization typically eliminates about 80% of password problems.
 
FEATURE: Self-Service Password Reset
Description:

Users can authenticate to Password Manager with something other than a password: hardware tokens, biometrics, smart cards, PKI certificates or challenge/response profiles. Once authenticated, users can reset their own passwords and clear any intruder lockout flags.

Benefit:

Allows users who experience password problems to resolve them rather than calling the help desk. Self-service password reset typically diverts about 65% of password problems away from the help desk.
 
FEATURE: Assisted Password Reset
Description:

Support analysts can sign into Password Manager, look up a user profile, authenticate the caller, reset multiple passwords and clear intruder lockout flags. Password Manager automatically creates call tracking tickets and sends notification of the password reset to the user.

Benefit:

Handling the entire password-problem support call with a single user interface significantly shortens call resolution time, to about 1 minute.
 
FEATURE: Password Policy Engine
Description:

Password Manager enforces stringent requirements over the composition of all new passwords. There are over 50 built-in password rules, plus extensibility through a pattern matching engine and a plugin system.

Benefit:

A global password policy is easier for users to understand and reduces password problems. All new passwords are subjected to strict rules, rather than enforcing a different, weaker subset of the rules on each platform. A consistent policy makes it possible to synchronize passwords (see benefits of password synchronization above).
 
FEATURE: Automatic Account Discovery
Description:

Password Manager extracts a full list of user IDs from every managed system, nightly. Users who appear on authoritative systems automatically get Password Manager profiles. Accounts on systems where login IDs are consistent with the authoritative systems are automatically attached to user profiles. The user ID inventory is used to support self-service registration of non-standard login IDs.

Benefit:

Automatic discovery eliminates the need for manual / redundant administration of Password Manager users. Automatic correlation reduces or eliminates the need for user registration.
 
FEATURE: Self-Service Registration
Description:

Users are automatically prompted by e-mail to register with Password Manager. Prompting e-mails contain a URL where users sign in with a network OS login ID and password and fill in the blanks to supply their own challenge/response data and non-standard login IDs.

Benefit:

Required user profile data, such as authentication challenge/response and profiles of non-standard login IDs, can be readily collected from very large user populations in a short time period, with little or no professional services or manual administration expense. Data collected by Password Manager registration programs is reliable, as it leverages existing strong authentication.
 
FEATURE: Assistance for Locked Out Users
Description:

Users who forget their primary password and cannot sign into their own workstation can gain access to Password Manager using a variety of mechanisms, including their telephone, a secure kiosk account, a GINA service and a Vista/Windows 7 Credential Provider.

Benefit:

Some IT analysts have estimated that 40% or more of password problems fielded by a typical help desk are due to users who cannot sign into their PCs. It follows that much of the value of a password management system depends on enabling these users to help themselves.
 
FEATURE: Incident Management Integration
Description:

Over 100 events in Password Manager can trigger automatic creation, update or closure of a help desk ticket. These include sign-on success and failure, user profile lookup and update, password reset success and failure, password synchronization attempts, success and failure, intruder lockouts, etc.

Benefit:

Automatic call tracking integration eliminates redundant data entry at the help desk, aggregates audit and reporting data into a single, existing system and triggers action items to respond to system problems or security incidents.
 
FEATURE: E-mail Integration
Description:

The same events that can trigger call tracking integration can also trigger e-mails to be sent to users, administrators, security officers and more. In deployments requiring registration, e-mail can also prompt and remind users to register.

Benefit:

User education and registration leverage the existing mail infrastructure. Users are notified of actions taken against their accounts and either confirm that the actions are legitimate, or trigger a security incident if changes are suspicious.
 
FEATURE: Open Authentication Infrastructure
Description:

Users can be authenticated to Password Manager with any of:

  • Passwords to trusted systems.
  • Hardware tokens.
  • Challenge/response authentication, including multiple sets of multiple, randomly-selected questions.
  • Smart cards and PKI certificates.
  • Biometric samples.

Benefit:

Flexible authentication supports:

  • Ease of use -- users will generally agree to password authentication for routine password changes, but resist less convenient challenge/response authentication unless it is clearly required.
  • Use of the most secure authenticator possible in every circumstance.
  • Leveraging existing infrastructure, such as hardware tokens.
 
FEATURE: Broad Platform Support
Description:

Password Manager has built-in support for 100+ types of systems, including operating systems, directories, e-mail systems, ERP applications, databases and more. It can also be readily integrated with custom and vertical market applications, with little or no custom programming.

Benefit:

  • Supporting every platform where a user may have a password makes synchronization more useful to users, as it eliminates exceptions to the "one password everywhere" rule.
  • Built-in support for every relevant platform expedites deployment, as roll-out is not held up waiting for product enhancements.
 
FEATURE: Complex Integrations
Description:

Password Manager supports integrations with "complex" systems, including key recovery for full disk encryption software, updating cached passwords on Windows, password resets initiated for mobile users over temporary VPN connections and integration with single sign-on products to ensure smooth operation after a password change.

Benefit:

  • Users are increasingly mobile and the ability to offer password management to mobile and possibly locked out users is essential.
  • While AD and LDAP integration has reduced the number of back-end integrations most organizations must support, password caching, PKI, one-time password tokens, smart cards and single sign-on have made the client component of password management more complex.