OAM: Lost Password Management

Similar Messages

• OAM Lost Password Management Error

  I keep getting the same error: "Response does not match the stored response" in oblix log. Also I always find "@1#" string added to my question?
  Did anyone face this issue? I have AD as ldap and OAM 10.1.4.2 BP10. Pls let me know.

  Hi,
  Below are the LPM Policy configurations:
  Challenge Pharse Source : Predefined
  Predefined Challenges Phrases: 5 Questions
                 1) What is the name of your first school?
                 2) What is your mother's maiden name?
                 3) What is your fav color?
                 4) What is your favourite movie?
                 5) What is your favourite place to visit?
  Minimum Challenges to configured: 2
  Challenge Response Minimum Length : 1
  Minimum challenges to be answered: 2
  Challenge Post Type : All at once
  Enable the LPM.
  When an User access the protected application for the first time, he/she is challenged to set his/her 2 CQ out of 5 (Lets say What is your fav color and what is your favourite movie is selected) provided with the responses for 2 CQ's.
  In the Backend directory Server (AD,OID,SunOne Iplanet,OVD) the above Challenge questions were saved in the format of what is your fav color?@1#what is your favourite movie?@2#
  Response values will be in encrypted form in OID.
  Regards,
  Ajay

• Multi Language support for lost password management in OAM

  We are trying to implement lost password management with multi-language support. We have updated lpm_changepwd.xsl for UI changes. Some of the text on the password change screen come for the lpm_changepwd.xsl. How can we have the text on the password change screen in multiple language?
  Thanks.
  Vinay

  Was able to do it by adding new files to the shared folder and updating the style in the lang folder to point to the new files.

• OAM Lost password confirmation page

  Hi,
  I am working with 10.1.4.2 and need to customize lost password app pages , i have changed lpm_changepwd.xsl for GUI changes ,but not able to figure out how to remove or modify confirmation page post change password . currently , I get "User Application" and your password has been changes with Back button.
  Please provide any detail if anyone has done UI customization.
  regards,
  Tom

  You can use lpm_cr.xsl to customize LPM Challenge response page.
  Harish Jangada

• OAM Lost Password Page customization

  I need to add extra text to the lost passwd mgmt page. I need to add some text after following standard text.
  Please answer your Challenge Question :
  http://<host>/identity/oblix/apps/lost_pwd_mgmt/bin/lost_pwd_mgmt.cgi?backUrl=http://<host>/identity/oblix/apps/userservcenter/bin/userservcenter.cgi
  I looked style sheet but couldn't figure out anything. can anyone please guide me how to customize the lost passwd mgmt page?
  Thanks

  You can use lpm_cr.xsl to customize LPM Challenge response page.
  Harish Jangada

• Fingerprin​t Reader access to KeePass (from a Thinkpad with Password Manager)

  The goal: secure, convenient, automated login to password-protected sites
  KeyPass is a great open-source program for secure creation, storage and use of login passwords and other information. With a plugin called KeeForm, it allows very convenient automatic login to password-protected sites by clicking on a KeePass entry. To preclude unintended access to all of your secure information, it is wise to close Keepass after each use, or set Keepass to lock when minimized. But this is less convenient, because a long secure master password then has to be entered before each use of Keepass.
  Using a fingerprint reader to enter Keepass can be a big time saver while retaining security. Capacitive swipe fingerprint readers can be very secure, provided they operate through equally secure software. They are available as USB units, or integrated into some keyboards and notebook computers, for example some Lenovo ThinkPads.
  Unfortunately, set-up can be a challenge and there may be disadvantages even after the best workable interface between KeePass and a particular biometric system. This example uses the integrated fingerprint reader and software on a Lenovo ThinkPad X61.
  The problem: getting secure fingerprint software to use KeePass
  ThinkPads can use Lenovo fingerprint software alone for start-up into Windows, but they need additional layers of software (Client Security Solution - CSS, and Password Manager  - PM) to work with other programs including KeePass. PM uses CSS security functions.
  Cautions about Lenovo CSS:
  1. Some organisations advise against CSS because of problems including clashes with antivirus programs. See http://www.ncsu.edu/antivirus/lenovo/ and
  http://prowiki.isc.upenn.edu/wiki/ThinkVantage_Sof​tware_Under_Windows_Vista
  These bugs may have been fixed over time - but install at your own risk!
  2. CSS and PM introduce their own system overheads which may slow some operations.
  3. Once tried, CSS may not simply be inactivated while restoring basic fingerprint start-up into Windows. The X61 at least insists that CSS be reactivated for any fingerprint function. If you try a Windows system restore to a time before CSS was first activated, you may experience the ‘blue screen of death'. The security chip evidently regards your desire for a past configuration as a security breach. With luck you may ‘live again' if you can log into Windows in Safe Mode to undo the attempted system restore. After that, I reactivated CSS. I was not game to try uninstall after inactivation of CSS - but see the ncsu link above.
  Having decided to accept the ‘risks' of activating CSS and PM, you may want to try PM for all password management. For me it would not recognise some internet logins, could not complete auto-submission in others, and did not allow the manual adjustments that make KeePass so versatile. Unfortunately PM help is very limited. There is no current user manual (old manuals up to v1.4 available on the web do not match the properties of the current v3 of the software). KeePass (or the KeeForm plugin) also struggles with some sites, but it works much better overall. Help on KeeForm plugin syntax is limited, but otherwise KeePass help is great.
  So we really want the fingerprint reader (via PM) to work for KeePass master password entry.
  This is not so simple for five interacting reasons:
  (i)  It is tricky to register KeePass in PM;
  (ii) PM then gets confused by ‘hidden' entry of a master password during fingerprint login to KeePass, and repeatedly tries to save ****** as a changed master password;
  (iii) PM also tries to automatically register each entry opened for editing within KeePass;
  (iv) PM tries to automatically register other logins even if they are managed through KeePass.
  (v) Your KeePass records are now only as secure as your PM login (which is likely to be your Windows login).
  The solutions: or workarounds at least
  The best workarounds I could develop for these five issues were:
  (i) To register KeePass in PM, first ensure that PM is running (icon in the system tray). Then launch KeePass, click the login window box for unobscured password display (three blue dots turn black), enter the master password and click OK to start KeePass as usual.
  If PM does not offer to save an entry for KeePass by this stage, try ‘plan B'. Open a window to edit an entry in KeePass, then click Cancel. PM seems to recognise this more readily as a login window and may offer to create an entry. Accept the offer, and name the entry KeePass. Then open PM to edit the saved entry. You will have to edit several fields to achieve an effective PM entry for KeePass:
  The title field must be "Open database - database.kdb", to match the title of the KeePass login window.
  The file name field should show the full path to KeePass.exe (something like C:\Program Files\KeePass\PeePass.exe depending on your installation).
  The login and password data field is accessed by double clicking the entry. It will need to show only your KeePass master password (in the unobscured text view). In login and password data, delete each line of unwanted text until you get to the final password line (shown as *****), and edit this line to provide your master password.
  In the Advanced tab, select auto-fill and auto-submit and the desired security level [see (v) below]. Then select OK to get to the PM front window, and File - Save Changes, then Exit.
  Now when you close and re-launch KeePass, PM should automatically intervene (requesting a fingerprint to complete the KeePass login if you selected that security level. Select ‘No' when PM asks to change the password [see (ii) below].
  If you had no luck, try ‘plan C'. Close KeePass completely, then launch it again to open the login window. Then right-click the PM icon in the system tray, open the ‘Type and Transfer Tool', click the box for unobscured password display, type in the KeePass master password, drag the cross-hairs to the password field in the waiting KeePass login window, and release the password there. Click OK to start KeePass as usual, then click OK to close the PM transfer window. If there is still no KeePass entry in PM, check that KeePass has not been included in the PM excluded programs list. If this sequence does not work, reboot and check again. Failing all else, any entry that PM succeeds in making from any login page can be edited to an effective KeePass entry by editing fields as described above for ‘plan B'.
  PM (v3.00) can be coy to associate initially, but it will accept KeePass (v1.14) as a password-managed program, and thereafter it reliably succeeds to auto-submit the KeePass login after some help described in (ii) below.
  (ii) Having sent the correct master password to the KeePass login window, PM becomes confused by the ‘hidden' text now in the password field, and offers to change its record of your KeyPass master password to ******. You can manually select ‘No' in the PM changed-password dialogue box that appears every time you use PM / fingerprint for KeePass login. But Beware: if you ever accidentally select ‘Yes' (the default) your KeePass master password record in PM will be changed to ******. This can be edited to provide the correct password again, but it is more than a minor pain in the AR5E. Unless you know (or have a backup of) your KeePass master password you just lost access to your KeePass database!
  To avoid this big nuisance and risk, you can set up to restart KeePass for each use from a desktop shortcut (instead of minimising it to the system tray) and have the shortcut run a batch file with vbs scripts that send the ‘No' message to PM automatically.
  Here is an example batch file, with corresponding vbs scripts. You can make all these files using Notepad and save the files with the names indicated, into the KeePass program directory (C:\Program Files\KeePass in this example).
  KeePass.bat (This launches KeePass and tells PM v3 not to change the password. Caution: If Lenovo changed PM program design in future, the effect could change; the batch file might send {TAB}{ENTER} keystrokes to another open window on your computer):
  C:
  cd\
  cd "C:\Program Files\KeePass"
  start " " "C:\Program Files\KeePass\KeePass.exe" "C:\Program Files\KeePass\Database.kdb"
  start /w Sleep.vbs 1
  start /w AppActivate.vbs
  start /w SendKeys.vbs
  Sleep.vbs (provides a short delay to open the ThinkVantage dialogue window, otherwise the following scripts fail because they are sent too soon):
  Wscript.Sleep Wscript.Arguments(0) * 1000
  AppActivate.vbs (puts focus on the ThinkVantage  Password change dialogue window so that Tab and Enter commands are not sent elsewhere with undesired effects):
  CreateObject("WScript.Shell").AppActivate "ThinkVantage Password Manager"
  SendKeys.vbs (sends a ‘No' response to the PM request to change its KeePass entry):
  CreateObject("WScript.Shell").SendKeys "{TAB}{ENTER}"
  Please substitute ) where you see smileywink: in the vbs scripts above - I can't get this forum window to stop automatically translating the " ) sequence of text (without a space) as an emoticon.
  This batch file approach should work with additional startup switches for KeePass, for example the /backup.path: switch used by ‘another backup' plugin (or you can use the db_backup plugin that works from the KeePass.ini file). Quotes are needed around any entry with spaces. But some things that ‘should work' such as just writing "KeePass.exe" instead of the full path in line 4 of the batch file do not give the same outcome for me. This may be an effect on timing of the switch of focus between windows - so if you strike a problem it may be worth experimenting with the delay time set through the sleep script.
  If you set KeePass to lock when minimised, you will have to deal manually with the PM changed-password dialogue every time you re-access KeePass. So it is simpler to close rather than minimise KeePass after each use and restart it when needed, via the batch file.
  (iii) You have to tell PM ‘No' whenever it offers to save an entry that is edited in KeePass. This is less of a nuisance, because entries rarely need to be edited once set up in Keepass.  There is no way to turn off this requirement. If you select ‘Never' it will prevent use of PM and therefore fingerprint entry to start KeePass (not just the edit window).
  (iv) Turn off internet login within PM. This will leave all internet logins to KeePass. Unfortunately you can not set PM to only allow a single program login (KeePass), but you can set it to exclude specific programs, so do that for other programs that you access via KeePass.
  (v) Finally, set PM security within CSS so that a fingerprint (or a password if the fingerprint reader fails) is needed every time PM is launched (not just once per boot). Similarly, set KeePass security this way within PM. Otherwise (if you set the requirement to once per boot) your passwords are open to inspection while you are away from your booted computer.
  Caution: How secure is your Windows login password? Most likely this is also your PM login password, so it now allows access to your KeePass database! Make sure that it is a unique, secure and preferably memorable password.
  How close are we now to the desired combination of security and convenience?
  Click on the KeePass shortcut to the batch file given above, swipe the fingerprint, wait while CSS works, then click on the relevant Keepass entry to access any password-protected site or application in your Keypass list - great convenience.
  Security is very strong - both KeePass and PM are extremely secure unless you use a weak or insecure master password or select less secure settings.
  Starting (or opening a locked instance of) KeePass without the batch file given above requires a couple of extra carefully-placed clicks in the process to tell PM not to mess up its entry for KeePass, then to complete KeePass startup. This is less convenient, and a mistake could prevent future database access - so the batch file method is recommended.
  A final caution (while enjoying secure & convenient logins):
  Beware - fingerprint access is so convenient that you may forget your master passwords! Eventually they will be needed! You may click the wrong button in PM, suffer a faulty fingerprint reader or change computers! Then you must recall your master passwords before you can access your password file (and possibly your computer). This could be devastating: loss of all secure password information in KeePass and PM (and possibly loss of all information on a protected computer drive, not to mention need to pay for a computer motherboard and HDD replacement). So:
  1. Choose very secure but ‘unforgettable' master passwords for KeePass and computer (PM) access.
  2. Always set up a secure master password as an alternative to biometric authentication (in case of a faulty fingerprint reader).
  3. Keep your password database backups, and your separate master password backups, in another secure (preferably encrypted) but accessible location!
  Program versions tested:
  KeePass v1.14 (v2 betas not tested) with KeeForm v2 and DB_Backup v1.14
  Lenovo CSS v8.20 with PM v3.00
  The solutions were tested in November 2008 on a Thinkpad X61 running Windows Vista Business. The tricks to interface with KeePass can vary between fingerprint programs (search the KeePass forum).
  Message Edited by r_g_b on 11-03-2008 07:01 PM
  Message Edited by r_g_b on 11-04-2008 12:00 AM

  I'm reviving quite an old topic here, but I have been unable to find any other good information on this.  I currently use the latest version of Keepass v2.23 and have Lenovo Passoword Manager v4.3 installed on my new W530 laptop.  I can't get PM to recognize any passowords at all, in web browsers or in windows application.  
  In PM the only thing I can do is create folders and secure notes.  My fingerprint software works great for automated logins to windows.  Does anyone have any experience with using the fingerprint reader with a windows application like Keepass?  
  How can I get the Password manager to do ... anything?  Recognize a password in windows or a web browser?
  I'm open to any other software to be used or I can write scripts if necessary to accomplish this.  It doesn't seem like this should be so difficult, but from what I've learned about Lenovo so far, is that nothing is easy.  After trying to get battery charge thresholds working proplery in Windows 8, I've already lost faith in a company that I thought had a great reputation.  

• HT6170 lost password id apple and lost recovery key

  I lost password id apple and lost recovery key,how to reset my password

  Do you have another trusted device for two-step verification?
  See:  Frequently asked questions about two-step verification for Apple ID   
  http://support.apple.com/kb/HT5570
  What if I lose my Recovery Key?
  If you lose your Recovery Key, you can replace it any time:
  Go to My Apple ID.
  Select Manage your Apple ID and sign in with your password and trusted device.
  Select Password and Security.
  Under Recovery Key, select Replace Lost Key.
  When you create a new key, your old Recovery Key is no longer usable.
  and
  What if I forget my Apple ID password?
  You can reset it at My Apple ID using your Recovery Key and one of your trusted devices.
  Apple Support can't reset your password for you. To reset your password, you must have your Recovery Key and access to at least one of your trusted devices.
  if you have neither your AppleID password, nor your Recovery Key, nor a trusted device, not even Apple can help you to get access to your account.

• How can I retrieve a lost password from my computer necessary to install Adobe flash player

  How can I retrieve a lost password from my computer necessary to install Adobe flash player

  Forgot Your Account Password
  For Lion, Mountain Lion, or Mavericks
      Boot to the Recovery HD:
  Restart the computer and after the chime press and hold down the COMMAND and R keys until the menu screen appears. Alternatively, restart the computer and after the chime press and hold down the OPTION key until the boot manager screen appears. Select the Recovery HD and click on the downward pointing arrow button.
       When the menubar appears select Terminal from the Utilities menu.
       Enter resetpassword at the prompt and press RETURN. Follow
       instructions in the dialog window that will appear.
       Or see:
         Reset a Mac OS X 10.7 Lion Password
         OS X Mountain Lion- Reset a login password,
         OS X Mavericks- Solve password problems,
         OS X Lion- Apple ID can be used to reset your user account password.
  For Snow Leopard and earlier with installer DVD
       Mac OS X 10.6- If you forget your administrator password,
       OS X- Changing or resetting an account password (Snow Leopard and earlier).
  For Snow Leopard and earlier without installer DVD
      How to reset your Mac OS X password without an installer disc | MacYourself
      Reset OS X Password Without an OS X CD — Tech News and Analysis
      How To Create A New Administrator Account - Hack Mac

• DB Password Management

  Setup: Primary database and a physical standby database (READ ONLY). Users need to use the physical standby database for reporting purposes, BUT with very strict password management requirements that their password must be changed every 2 or 3 days. Given the users must be created in the primary database and the physical standby database, archived logs will only be applied at 7pm nightly. So, if a user's password needs to be renewed, my requirement is to lock the account. This will result in lost time for the user and/or me given that once the account is locked, it will need to be unlocked and flow, I would think, from the primary database back to the physical standby database.
  Anyone run into strict password management issues such as this, given a similar configuration? Any suggestions and/or helpful hints would be greatly appreciated!

  If they're so dead-set on having passwords change so frequently, I expect they're willing to invest the time to implement and move to OID.
  I work at a financial institution as well but no one has ever suggested password changes at anywhere near that frequency-- it's not a particularly rational request. In addition to the fact that half the DBA's time would be spent resetting passwords, everyones password would expire over every long weekend, every vacation, etc. It also wouldn't do anything to help security since everyone's desk would be covered with post-its full of passwords.
  Justin
  Distributed Database Consulting, Inc.
  http://www.ddbcinc.com/askDDBC

• Password Manager asks too authentica​te every time...

  Using Windows 7 Ultimate x64, Password Manager version 3.20.
  Every time a password is needed, the Password Manager requires me to authenticate, either using my fingerprint or Windows password. I understand doing that once per Windows session (or even once per browser session), but this almost defeats the purpose. It takes me about as much time to enter my highly secure (i.e. long, etc.) Windows password as it does to enter username/password combos for forums, etc.
  Is there a way to change this behavior?
  TIA,
  SA.

  Are you mean to antomatic log on your PC without a password requried?
  In Windows 7, you can create a user account password if you do not want unauthorized users to use your computer to make system changes or download content. Once enabled, Windows 7 prompts you to enter your password when you restart your computer, or when you resume use after hibernation. If you are the only user for your computer, disable/ or reset your password and allow your computer to log on automatically.
  Difficulty: Moderately Easy
  Instructions:
  Click the "Start" menu, click the "Control Panel" and click "User Accounts" to launch the User Accounts Control Panel.
  Click the "Remove Password." Click "Manage another account" if you want to remove the password for another user account and then select the user account.
  Type your current password in the box under the "Are you sure you want to remove your password" dialog message and then click "Remove Password."
  Restart your computer. Your computer now launches automatically to the desktop.
  Hope this information can help you out. Anything about Windows password forgot, change, lost, set or reset solutions, you can find the answers from Google that you can input the keyword of the issues in the search box.

• Fingerprint & Password Manager & PrivateDisk

  Hi,
  First, I want to know how to use fingerprint when I click on the password manager icon? I already did it but my harddisk crash so I lost it. I think it become with an update of password manager (I use version 2.0.0 now) but now update manager don't update it because I still use Client security 7 probably. I didn't find any update on Lenovo support pages.
  Second, I want to know if it is possible to use fingerprint with PrivateDisk (via password manager probably)? I didn't find anyway to activate it. It is not in password manager block list.
  Thank you!
  Dany

  Hi,
  I'm using CSS 8.21.006 on which it's realy easy to configure.
  Not sure about CSS 7.
  However I would realy advice to use CSS 8.21 which is the latest, so that you can configure the whole, including Password Manager, so that by try to open Password Maanger you will be prompted to Swipe a finger.
  According the second question, I'm not sure. sorry
  Rgrds

• Where does Blackberry Desktop Manager save the Passwords in Password Manager?

  Ok, so I lost my Blackberry and am trying to figure out if there's any way to retrieve from password file from my laptop.
  I've poked around and even called AT&T but I can't find anything that looks like the Password Manager file. What would the file be named? What would the extension be? 

  No, you have to click on the little button in Desktop Manager that says "BACKUP".
  Your sync does not sync the Password Keeper.
  Have you ever done a Backup?
  1. If any post helps you please click the below the post(s) that helped you.
  2. Please resolve your thread by marking the post "Solution?" which solved it for you!
  3. Install free BlackBerry Protect today for backups of contacts and data.
  4. Guide to Unlocking your BlackBerry & Unlock Codes
  Join our BBM Channels (Beta)
  BlackBerry Support Forums Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• I have a password manager built into my fingerprint scanner. It worked on the older version of Firefox but it will not on this new version. It will not recognize log in pages and will not load information.

  With the old version, all I had to do was go to the log in page to any of my email accounts or membership sites and scan my finger. It would fill in the fields and open my account. I like this new version of Firefox, but if I am not able to use that password manager then I will have to install the older version.

  A 2008 black MacBook can run OS X Lion (OS X 10.7). However, if you want to use that Mac for apps that do not work with the new MacBook, I recommend you to leave it with Mac OS X 10.6.8, because OS X Lion removes compatibility with PowerPC apps.
  Do not worry about the battery of the new MacBook Pro. You can replace it yourself or take it to an Apple Store or reseller, and the cost is similar. However, it's important to take the Mac to an Apple Store or reseller if your Mac's battery fails while the Mac is in warranty, because you will get the battery replaced for free.

• How to delete wrong passwords saved in the password manager

  Hi, made a really stupid mistake by typing in my password incorrectly twice for a new email account, and think they have all been saved in the password manager... so now, everytime when I try to log in, three passwords will come up for me to choose.... really annoying, how can I delete the wrong passwords?? Please help

  Reading between the lines (...the word entire gave me a much needed clue) I realized that both my wife and I had passwords to this website and I needed to delete both sets of lines. After months of not thinking of this system quirk it's now done. Thanks.
  Of course, I had been clicking on the entire line, username-website-password, but it hadn't been working. I had given up months ago but now just felt lucky to try again.
  Ciao!
  J

• Looking for a good Password Manager App for the iPhone

  I'm looking for a good and reliable Password Manager App for the iPhone with sync capabilities on macs. I've read several reviews on several different apps on iTunes, and either they don't work properly, or they're a rip off, or they just don't sync or all of the above. Any recommendations?
  Thanks in advance.

  I've been very happy with 1Password, though I haven't used the iPhone component (not having an iPhone).
  Disclaimer: any product suggestion and link given is strictly for reference and represents my opinion only. No warranties express or implied. I get no personal benefit from the sale of any product I may recommend in any of my posts in the Discussions. Your mileage may vary. Void where prohibited. You must be this tall to ride. Objects in mirror may be closer than they appear. Preservatives added to improve freshness. No animals were harmed in the making of this post.