The present application relates generally to an improved data processing apparatus and method and more specifically to mechanisms for selective password synchronization.
Identity Management (IdM) is the management of individuals and their authentication, authorization, and privileges within or across system and enterprise boundaries, with the goal of increasing security and productivity while decreasing cost, downtime, and repetitive tasks. One of the main functions of an IdM system is password management, which is the ability to set, reset, and/or change passwords on identities (accounts). Many IdM solutions provide the capability to synchronize passwords across accounts, but the current methodology lacks the granularity needed to accommodate real-world environments and security requirements.
That is, current password synchronization mechanisms within password management force the same password across all accounts owned by an individual, such that the same password has to be utilized on all of the accounts or on none of them. Therefore, these current password synchronization mechanisms fail to address typical real-world environments where individuals have multiple accounts on the same resource or multiple types of accounts with different risk levels. Further, most environments have some resources whose password complexity rules conflict with those of other resources. In these environments, password synchronization fails, as there is no way to meet the conflicting password rules with the same password value.
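The rule conflict described above can be checked mechanically before a synchronized password change is attempted. The following is an added example, not part of the application: the `Policy` model, the four character-class names, and the three sample resources are assumptions made for illustration, and the policy list is assumed to be non-empty.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    resource: str
    min_len: int
    max_len: int
    required: frozenset = frozenset()   # character classes that must appear
    forbidden: frozenset = frozenset()  # character classes that must not appear

ALL_CLASSES = frozenset({"lower", "upper", "digit", "symbol"})

def sync_conflicts(policies):
    """Return the reasons no single password can satisfy every policy ([] if one can)."""
    conflicts = []
    strictest_min = max(policies, key=lambda p: p.min_len)
    strictest_max = min(policies, key=lambda p: p.max_len)
    # Length windows must overlap.
    if strictest_min.min_len > strictest_max.max_len:
        conflicts.append(
            f"length: {strictest_min.resource} needs >= {strictest_min.min_len}, "
            f"{strictest_max.resource} allows <= {strictest_max.max_len}")
    # A class required by one resource must not be forbidden by another.
    for need in policies:
        for deny in policies:
            for cls in sorted(need.required & deny.forbidden):
                conflicts.append(
                    f"class: {need.resource} requires {cls}, {deny.resource} forbids it")
    required = frozenset().union(*(p.required for p in policies))
    forbidden = frozenset().union(*(p.forbidden for p in policies))
    # One character per required class must fit in the shortest maximum length.
    if len(required) > strictest_max.max_len:
        conflicts.append(f"length: {len(required)} required classes exceed "
                         f"{strictest_max.resource} maximum of {strictest_max.max_len}")
    if not ALL_CLASSES - forbidden:
        conflicts.append("class: every character class is forbidden by some resource")
    return conflicts

# Constructed sample policies; resource names and rules are illustrative only.
DIRECTORY = Policy("directory", 14, 64, frozenset({"upper", "digit", "symbol"}))
MAINFRAME = Policy("mainframe", 6, 8, frozenset({"digit"}), frozenset({"symbol", "lower"}))
WEBAPP = Policy("webapp", 8, 32, frozenset({"lower", "digit"}))

if __name__ == "__main__":
    for line in sync_conflicts([DIRECTORY, MAINFRAME, WEBAPP]):
        print(line)
```

With all three sample resources the check reports one length conflict and two character-class conflicts, while the directory and web application alone can share a password.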