Overview#
Password Grace Authentication is a concept within Password Management which allows limited Authentications beyond a Password Expired conditionPassword Policy Administrators MAY deploy a Password Policy that which enforces Password Periodic Changes - thus forcing users to change their passwords periodically.
As a side effect, there needs to be a way in which users are made aware of this need to perform a Password Change before a Password Expired condition exists.
One or both of the following methods handle this:
- A warning may be returned to the user sometime before his password is due to expire. If the user fails to heed this warning before the expiration time, his account will be locked.
- The user may perform Authentication a preset number of times after her Password Expired condition exists. If she fails to change her password during one of her Password Grace Authentications then a Password Locked condition exists.