Windows Desktop MFA - How to update Password on expiry (domain-joined)

Overview

Because idemeum uses certificate-based authentication for its Desktop MFA solution, users do not need to reset their password unless an Admin enforces a password reset.

  • An Admin can choose from several User Account options; enabling any one of them ensures that a password reset will not be required.
  • If an organization has a password policy that requires the password to be reset after a particular duration, idemeum passwordless login will indicate to the user that the password has expired. In that case, follow the steps in the Resetting Passwords section.

User Account options

Open Server Manager -> Tools -> Active Directory Users and Computers -> choose any user account -> open its properties. Alternatively, this can also be applied to user groups.

  • Option a: Enable Password never expires
  • Option b: Enable User cannot change password
  • Option c: Enable Smart card is required for interactive logon
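
To check which accounts already have one of these options set, and which will run into the expired-password prompt described in Resetting Passwords, the PowerShell function below reads the matching Active Directory user properties. It is an added example, not idemeum's code; the sample accounts are constructed and the group name "Desktop-MFA-Users" in the closing comment is hypothetical.

```powershell
# Added example, not idemeum's code. Read-only: it only inspects account objects.
function Get-PasswordResetExposure {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [int] $WarnDays = 14   # assumed warning window, adjust to your policy
    )
    process {
        # AD reports Int64.MaxValue when the password does not expire and 0 when
        # no password-set time is recorded; neither converts to a real date.
        $raw = [Int64]$User.'msDS-UserPasswordExpiryTimeComputed'
        $expires = $null
        if ($raw -gt 0 -and $raw -ne [Int64]::MaxValue) {
            $expires = [datetime]::FromFileTime($raw)
        }
        # Letters match Option a / b / c in the list above.
        $options = @()
        if ($User.PasswordNeverExpires)   { $options += 'a' }
        if ($User.CannotChangePassword)   { $options += 'b' }
        if ($User.SmartcardLogonRequired) { $options += 'c' }
        $status = if ($User.PasswordExpired) { 'Expired' }
                  elseif ($null -eq $expires) { 'NoExpiry' }
                  elseif ($expires -lt (Get-Date).AddDays($WarnDays)) { 'ExpiringSoon' }
                  else { 'OK' }
        [pscustomobject]@{
            User            = $User.SamAccountName
            OptionsSet      = ($options -join ',')
            PasswordExpires = $expires
            Status          = $status
        }
    }
}

# Constructed sample accounts so the function runs without a domain controller.
$soon = (Get-Date).AddDays(5).ToFileTime()
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; PasswordNeverExpires = $true; CannotChangePassword = $false
        SmartcardLogonRequired = $false; PasswordExpired = $false; 'msDS-UserPasswordExpiryTimeComputed' = [Int64]::MaxValue }
    [pscustomobject]@{ SamAccountName = 'bob'; PasswordNeverExpires = $false; CannotChangePassword = $false
        SmartcardLogonRequired = $false; PasswordExpired = $false; 'msDS-UserPasswordExpiryTimeComputed' = $soon }
    [pscustomobject]@{ SamAccountName = 'carol'; PasswordNeverExpires = $false; CannotChangePassword = $false
        SmartcardLogonRequired = $false; PasswordExpired = $true; 'msDS-UserPasswordExpiryTimeComputed' = 0 }
)
$sample | Get-PasswordResetExposure | Format-Table -AutoSize

# Live use (assumes the RSAT ActiveDirectory module and a hypothetical group name):
# Get-ADGroupMember 'Desktop-MFA-Users' -Recursive | Get-ADUser -Properties PasswordNeverExpires,
#     CannotChangePassword, SmartcardLogonRequired, PasswordExpired, 'msDS-UserPasswordExpiryTimeComputed' |
#     Get-PasswordResetExposure
```

Accounts reported as Expired or ExpiringSoon are the ones that will need the Resetting Passwords steps.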

Resetting Passwords

  • When the user's password has expired, scanning the QR code or tapping the RFID badge shows the message "The password for this account has expired".
  • Click Cancel
  • Click Other User -> Enter the username and old password -> Press Enter
  • The message "Your password has expired and must be changed" is shown.
  • Click OK
  • Enter the username, old password, new password, and confirm password -> Press Enter.
  • The user is logged into the session after Windows successfully completes the password update.
  • Sign out manually; you can then continue using idemeum passwordless login by scanning the QR code or tapping the RFID badge.