!!Password Synchronization

!How Password Synchronization Works
Password Synchronization is any software or network infrastructure that enables users to maintain [uniform Password values|Consistent Sign-On] on multiple Login Accounts, on multiple Host Systems. 

For instance, a user might have two UNIX accounts, one NetWare NDS account and one Windows NT account. A Password Synchronization system is any system that helps the user change all of these passwords simultaneously and thus keep them at the same value. 

! Advantages
The security objectives of Password Synchronization are: 
* To help users remember their passwords, so they don't write them down. 
* To make it possible to control password strength across all platforms in a uniform fashion. 
* To expire passwords on all systems simultaneously, rather than individually. 
* To allow front-line helpdesk staff to reset passwords without having administrative rights to systems where those passwords are stored. 
* To enable user provisioning, and the enabling and disabling of users, from one location.

Password Synchronization also reduces support costs, by: 
* Helping users to remember their passwords, so they don't call the helpdesk as frequently. 
* Reducing the time spent by users in password management. 
* Making it possible for administrators to reset passwords on multiple systems of different types from a single screen. 
* Allowing front-line helpdesk staff to reset passwords on unfamiliar platforms (e.g., mainframes, Unix systems, DBMS servers), with no special training.

While Password Synchronization indirectly affects the [Authentication] process, by updating Passwords, it is not directly involved in the process by which a user logs into any system. This makes it much simpler, cheaper and more reliable than [Single Sign-On|Single Sign-On] technologies. 

! Disadvantages
* The “Keys to the Kingdom” threat: if a user’s password is discovered, all applications and platforms used for SSO may be susceptible.
* If the user forgets or is otherwise unable to use SSO, then they cannot use any application implementing SSO.
* Scripts and/or agents used to synchronize passwords are quite fragile, often requiring frequent updates.
* The entire system is complex and difficult to install.
* The software tends to be quite expensive.
* Requires users to be connected to the network.

! Implementation Methods
There are two basic implementation methodologies:
* Client-based - The user's platform has an agent that updates passwords to all systems when the password is changed.
* Server-based - The user's password is updated by a server-based agent that updates passwords to all systems when the password is changed.

Some of the disadvantages of Password Synchronization may be overcome by using [Top-Down Synchronization|Top-DownSynchronization].
