5.5 Passphrase Security System Scenarios

The information provided in this section describes the user experience in environments where the passphrase security system has been enabled and disabled.

Scenario 1: The passphrase security system is disabled in a previously enabled environment

When the passphrase security system is disabled in an environment where it was previously enabled, the following message appears to users the first time they log in after the change.

Figure 5-1 Passphrase Security Prompt

If the user clicks OK, the disabling of the passphrase security system is approved and the user is prompted for the current password. The approval is complete when the user provides the password.

If the user clicks Cancel, the disabling of the passphrase security system is delayed and the user is prompted with the message until he or she clicks OK to approve the change.

NOTE: Users must provide the passphrase answer. This prevents administrators from toggling this preference and allowing an unauthorized user to access Novell SecureLogin.

Scenario 2: The passphrase security system is re-enabled in a previously disabled environment

If the passphrase security system is re-enabled, the Passphrase Setup dialog box is displayed (similar to when a user logs in for the first time after installing Novell SecureLogin).

If the user clicks OK, the user resets the passphrase question and answer.

If the user clicks Cancel, there is a delay in enabling the passphrases for the user’s workstation. The user is prompted at subsequent logins until he or she specifies a passphrase question and answer.

Scenario 3: The passphrase security system is disabled and the user has changed his or her passwords (restrictions for moving user objects)

If you have disabled the passphrase security system and reset the user’s password:

Scenario 4: Forgotten Passphrase

If a user forgets his or her passphrase answer, the SecureLogin data, including their passphrase. You must delete the user’s existing SecureLogin datastore.

After the datastore is deleted, the user’s corporate applications, credentials, preferences, and user policies are permanently removed. You must then reset the user’s corporate password before he or she can log in and reconfigure the applications by using Novell SecureLogin.

The next time Novell SecureLogin starts, he or she must manually log in. Novell SecureLogin then detects that a passphrase is not set and prompts the user to set up the passphrase before continuing. You can create a list of predefined passphrase questions.

After the user has set a new passphrase, he or she is required to re-enter the application usernames and passwords. If this is not done, an unauthorized user could breach security by clearing the passphrase, entering a new passphrase, and accessing the actual user’s credentials.

You might need to reset the user’s application passwords because the user might have forgotten them.