This guide provides technical instructions for the proactive rotation of an active password by an authenticated user within the IUSign Enterprise platform.
Prerequisites
- Successful authentication into the IUSign portal.
- Knowledge of the current active security credential.
- Understanding of organizational password rotation policies.
Strategic Overview
Periodic modification of account credentials is an essential component of enterprise security governance. IUSign enables authenticated users to rotate their passwords through a secure, multi-step verification process. This ensures that cryptographic protection remains current and defensible against long-term credential compromise. Every successful rotation triggers a global session termination to ensure that any unauthorized active sessions are immediately invalidated.
Implementation Sequence
1. Access Security Governance Module
Navigate to your Profile in the upper-right corner of the dashboard and select Settings. From the sidebar menu, choose the Security tab to access the credential management interface.
2. Authorization and Identity Verification
To ensure the request is authorized, the platform requires verification of the existing credential. Specify your current password in the Current Password field. This initiates an instantaneous cryptographic validation against the encrypted hash in the database.
3. Specification of the New Credential
Define your new security credential based on the following enterprise policy requirements:
| Governance Rule | Technical Specification |
|---|---|
| Complexity Requirements | Alphanumeric variety including symbols and mixed-case letters. |
| Minimum Length | 8 characters (12+ recommended for high-privilege roles). |
| Historical Uniqueness | The new credential cannot match any of the previous 5 passwords. |
4. Finalization and Global Session Reset
Confirm the new credential and select Change Password. Upon successful update, the platform executes a global session reset:
- Credential Update: The new password is re-hashed and stored using a high-cost hashing algorithm.
- Audit Logging: A
PASSWORD_CHANGEDevent is recorded with forensic metadata. - Forced Re-Authentication: All active sessions (except the current one) are terminated, requiring re-verification across all devices.
Security Notifications and Forensics
Upon successful modification, IUSign dispatches an automated security notification to your registered email address. This notification includes forensic data for your review:
- Timestamp: Exact UTC time of the modification.
- IP Origin: The IPv4/IPv6 address of the device that initiated the change.
- User Agent: Details regarding the browser and operating system utilized.
[!IMPORTANT] If you receive a password modification notification that was not initiated by you, immediately select the Secure Account Now action in the email to freeze your identity and notify your Tenant Administrator.
Diagnostic and Resolution Protocols
| System Exception | Probable Cause | Resolution Protocol |
|---|---|---|
| Current password invalid | Verification mismatch | Re-type the existing credential or initiate credential recovery. |
| Policy violation (Reuse) | Historical match | Select a credential that has not been utilized within the last 5 rotations. |
| Session expired | Temporal timeout | Re-authenticate and restart the modification workflow. |