Password Change Tool

Tool for supporting the application of the GDPR (General Data Protection Regulation) and for simplifying internal administration tasks regarding passwords

Dear Visitors,

Please note that the following text is a translation from the German. As a result, some passages may have been rendered inaccurately. For reference, please use the German original version.

Background

We - the Lucatec® GmbH - are the IT health center!

In keeping with the motto "IT is healthy all round", we support small and medium-sized companies in Bremen and the surrounding area. It is particularly important to us to know our customers' IT requirements exactly and to support them in realizing their wishes in the best possible way.

As an IT company, we also support our customers in the area of IT security, a topic that is becoming increasingly important for companies today. Together we develop tailor-made IT security solutions; these include, among others, firewall systems, antivirus solutions, and the protection of smartphones and tablets.

The GDPR has kept companies busy with privacy issues for some time now, and it requires that suitable so-called "technical and organizational measures" (TOMs) be in place for the IT systems concerned. If these have not yet been defined and implemented, this should be done as soon as possible so that personal data is handled in a GDPR-compliant way.

A critical issue is always securing access to systems involved in the processing of personal information. One aspect is the handling and organization of passwords:

  • How long must it be at least?
  • What types of characters must it contain?
  • How often does it have to be changed?
  • How similar may it be to "obvious" words or previous passwords?
  • And how do you ensure that everyone involved follows the same guidelines?
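The policy questions above can be turned into concrete checks. The following is an added example, not Lucatec's code: it models minimum length, character classes, a maximum age, a ban on obvious words, and similarity to the current password. All thresholds, the banned-word list, the hash used for the password history and the sample passwords are constructed for illustration and are not the customer's actual policy.

```python
"""Password policy checks (added example; not Lucatec's code).

Thresholds, banned words and sample passwords are constructed; the
history hash is a stand-in for whatever format a real directory uses.
"""
import hashlib
import string
from dataclasses import dataclass
from datetime import datetime, timedelta
from difflib import SequenceMatcher


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int = 12
    min_char_classes: int = 3              # of: lower, upper, digit, punctuation
    max_age: timedelta = timedelta(days=90)
    history_depth: int = 5                 # recent passwords that may not be reused
    max_similarity: float = 0.6            # ratio above which a password is "too similar"
    banned_words: tuple = ("password", "welcome", "company")  # constructed list


POLICY = PasswordPolicy()


def history_hash(password: str) -> str:
    """Stand-in for the directory's password-history hash (constructed;
    a real directory keeps its own hash format, not plain SHA-256)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def char_classes(password: str) -> int:
    """Number of character classes (lower, upper, digit, punctuation) present."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(any(c in cls for c in password) for cls in classes)


def similarity(a: str, b: str) -> float:
    """Case-insensitive similarity in [0, 1]; 1.0 means identical."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()


def evaluate_new_password(policy, candidate, current_password, history_hashes):
    """Return the list of violated rules; an empty list means accepted.

    Similarity can only be judged against the current password, which the
    user supplies at change time; older passwords exist only as hashes."""
    problems = []
    if len(candidate) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if char_classes(candidate) < policy.min_char_classes:
        problems.append(f"fewer than {policy.min_char_classes} character classes")
    lowered = candidate.lower()
    for word in policy.banned_words:
        if word in lowered:
            problems.append(f"contains obvious word '{word}'")
    recent = set(history_hashes[-policy.history_depth:])
    if candidate == current_password or history_hash(candidate) in recent:
        problems.append("reuses a previous password")
    elif similarity(candidate, current_password) > policy.max_similarity:
        problems.append("too similar to the current password")
    return problems


def days_until_expiry(policy, last_set_iso: str, now_iso: str) -> int:
    """Days remaining before the password expires under policy.max_age.
    Positive: still valid; zero or negative: expired. Timestamps are
    ISO-8601 strings, as they would arrive in a JSON reply."""
    last_set = datetime.fromisoformat(last_set_iso)
    now = datetime.fromisoformat(now_iso)
    return (last_set + policy.max_age - now).days


if __name__ == "__main__":
    history = [history_hash(p) for p in ("Autumn2017!x", "Winter2017!x")]
    current = "Summer2018!x"
    for candidate in ("Summer2019!x", "password123ABC!", "Winter2017!x",
                      "Tr0ub4dor&Horse-Battery"):
        verdict = evaluate_new_password(POLICY, candidate, current, history) or ["accepted"]
        print(f"{candidate!r}: {', '.join(verdict)}")
    print("days left:", days_until_expiry(POLICY, "2019-01-01T00:00:00+00:00",
                                          "2019-03-01T00:00:00+00:00"))
```

The similarity check deliberately runs only against the password the user is replacing; a server that could compare a candidate against older passwords in plaintext would have to be storing them in plaintext, which is exactly what a password history must not do.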

Problem

One of our customers approached us while a concept for implementing the GDPR was being drawn up. The subject of passwords was of particular interest, because the company has very different types of employees who use the internal and external systems in different ways. This also meant that, for example, external employees and field staff were partly treated differently.

Lucatec was commissioned to create a solution for field staff that would allow the new group policy on passwords to be introduced for all employees. Password changes should be made as user-friendly as possible for employees (especially field staff). The introduction of the group policy also had consequences for field staff: they work with local user accounts on their devices, but programs such as Microsoft Outlook authenticate with accounts of the company domain. Among other things, this means that passwords must be changed at regular intervals and that the newly set password must then be used in order to obtain successful verification.

Unlike the usual way of working, field staff, mainly or from time to time,

  1. work with mobile devices and user accounts on these devices that are not part of the company domain, so automatic mechanisms for password renewal have only limited access or none at all,
  2. are not directly connected to the corporate network; the connection to e.g. email and file servers is established over third-party, mobile or private networks,
  3. work completely offline, without any network connection, and still have access to cached or otherwise secured information, e.g. emails, documents and other files.

Such employees must therefore be treated separately for the reasons listed above. The aim is to have passwords changed in good time according to the policy and applied to the applications that need them, so that users do not end up with incorrect password entries. This greatly reduces the likelihood of (automatic) incorrect entries and minimizes the administrator effort for password resets. Employees of our network technology and software departments have jointly developed a concept for querying password status and for renewal.

Conceptual Solution

The solution to the above problem consists of two components: a web service and a tool for use on the device. Together, both components allow the password to be validated and, if necessary, the current password to be changed.

Web Service

The web service is set up in the company network and provides a way to send requests to the company's Active Directory. The request types are limited to

  • querying password validity for a particular user
  • and changing the previous password.

For this purpose, connection and authentication data are stored that allow the web service to connect to, and be authorized by, the Active Directory addressed.

For either type of request, the relevant information (e.g. password validity or the success of a password change) is sent back to the desktop client so that it can initiate further action based on it. Further request types or other functionality have not been considered in the development so far, but are possible in principle, such as detailed information about the user, display of the applicable policies, unlocking accounts, etc.

Desktop Client

Our customer had specific requirements for the desktop client, which is used on the devices:

  1. No delays if no user action is necessary:
    • If the password is still valid, the user should not notice the desktop client at all and should be able to continue working immediately.
  2. Launch applications after password verification or renewal:
    • If the current password is still valid and no renewal is necessary, then a specific application should be started (for example Microsoft Outlook 2013).
    • If the password was changed successfully, then another application should be started.
  3. The desktop client should be integrated as smoothly as possible into the daily work routine:
    • The users should not be affected in their daily work, but they should be notified as soon as a password renewal is necessary.

To meet the above requirements, the following functionality has been implemented:

  • If no password change is required, the stored application is started and the desktop client is terminated immediately. This keeps the display time of the desktop client to a minimum.
  • If a password change is required and this has been carried out successfully, another application can be started.
  • To integrate the password check as invisibly as possible, shortcuts to applications can be replaced by shortcuts to the Password Reset Tool. The application's icon can also be used as the icon of the new shortcut. This gives the impression of starting the desired application, while the password check is carried out beforehand.
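The exchange between the two components, and the client's decision about which application to start, can be modelled in a few dozen lines. The following is an added example and not the project's C# code: the HTTP transport (TLS, IIS) is replaced by in-process calls, the directory and the account `jdoe` are constructed stand-ins for the customer's Active Directory, and the request field names (`op`, `user`, `password`, `new_password`), the 90-day maximum age, the 7-day warning window and the 12-character minimum are assumptions. It also assumes that the status request carries the user's current credentials, so the service validates the caller before answering and gives the same reply for an unknown account and a wrong password.

```python
"""Web service / desktop client exchange (added example; not the project's code).

Directory contents, account names, request field names and the policy
constants are constructed stand-ins.
"""
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

MAX_PWD_AGE = timedelta(days=90)   # assumed domain policy (maximum password age)
WARN_BEFORE = timedelta(days=7)    # assumed: renew once this close to expiry
MIN_LENGTH = 12                    # assumed minimum length for a new password


def _h(password: str) -> str:
    """Stand-in for the directory's credential hash (constructed)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def at(iso: str) -> datetime:
    """Parse an ISO-8601 timestamp, e.g. '2019-02-01T00:00:00+00:00'."""
    return datetime.fromisoformat(iso)


def make_directory() -> dict:
    """Constructed directory: account name -> record, as the service sees it."""
    return {"jdoe": {"pwd_hash": _h("Summer2018!x"),
                     "pwd_last_set": datetime(2019, 1, 1, tzinfo=timezone.utc)}}


class PasswordService:
    """Accepts exactly the two request types described above and nothing else."""

    def __init__(self, directory: dict, now: datetime):
        self.directory = directory
        self.now = now

    def handle(self, request: dict) -> dict:
        user = self.directory.get(request.get("user"))
        supplied = _h(request.get("password", ""))
        # Unknown user and wrong password get the same reply, so the service
        # does not reveal which accounts exist.
        if user is None or not hmac.compare_digest(user["pwd_hash"], supplied):
            return {"ok": False, "error": "authentication failed"}
        op = request.get("op")
        if op == "status":
            remaining = user["pwd_last_set"] + MAX_PWD_AGE - self.now
            return {"ok": True, "expired": remaining <= timedelta(0),
                    "days_left": remaining.days}
        if op == "change":
            new = request.get("new_password", "")
            if len(new) < MIN_LENGTH or hmac.compare_digest(_h(new), user["pwd_hash"]):
                return {"ok": False, "error": "new password rejected by policy"}
            user["pwd_hash"] = _h(new)
            user["pwd_last_set"] = self.now
            return {"ok": True, "changed": True}
        return {"ok": False, "error": "unsupported operation"}


def desktop_client(service, user, password, prompt_new_password):
    """Return (application to start, message).

    'app_a' is the application started when the password is still valid,
    'app_b' the one started after a successful change; None means nothing
    is started. prompt_new_password stands in for the change dialog."""
    status = service.handle({"op": "status", "user": user, "password": password})
    if not status["ok"]:
        return None, status["error"]
    if not status["expired"] and status["days_left"] > WARN_BEFORE.days:
        return "app_a", "password valid, application started without delay"
    # Renewal needed: only now does the user see a dialog.
    result = service.handle({"op": "change", "user": user, "password": password,
                             "new_password": prompt_new_password()})
    if result["ok"]:
        return "app_b", "password changed, follow-up application started"
    return None, result["error"]


if __name__ == "__main__":
    directory = make_directory()
    for day in ("2019-02-01T00:00:00+00:00", "2019-03-28T00:00:00+00:00"):
        svc = PasswordService(directory, at(day))
        print(day[:10], desktop_client(svc, "jdoe", "Summer2018!x",
                                       lambda: "Tr0ub4dor&Horse-Battery"))
```

Run as a script, the first day (59 days left) starts the normal application without any dialog, and the second day (4 days left) goes through the change path and starts the follow-up application. Anything other than the two documented operations is refused, which is the property to preserve if the service is later extended with the additional request types mentioned above.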

Program Sequence

Applied Technology

Common

  • .NET Framework 4.6.1
  • Microsoft CSharp 4.0.0.0
  • Microsoft Windows 10
  • Visual Studio 2017 15.8.2

Web Service

  • .NET Core 2.0
  • Microsoft Asp.Net Core 2.0.8
  • Microsoft Asp.Net WebApi Core 5.2.6
  • Microsoft IIS
  • Newtonsoft JSON.NET 11.0.0.0
  • NLog Web Asp.Net Core 4.5.4

Desktop Client

  • .NET Framework 4.6.1
  • Newtonsoft JSON.NET 11.0.0.0

We would love to make our knowledge and experience work for you to design and implement your custom-made software solution or interface to third-party products.

Do you have questions about our services? Do you already have an idea you would like us to discuss and implement with you? Then don't hesitate to call or write to us using the following form:

Contact

  • +49 (421) 57953-0
  • Lucatec GmbH, Gutenbergstr. 22, D‑28816 Stuhr, Germany