Password Expiry Alert Agent

Automates password expiry alerts for customers to ensure updates, reduce lockouts, and enhance account security.

About the Agent

The Password Expiry Alert Agent uses generative AI to automate password expiry notifications, reducing manual effort and improving account security. The agent sends timely, personalized alerts through various communication channels, prompting customers to update their passwords before expiration. This minimizes account lockouts, improves the customer experience, and reduces password reset requests. A human feedback loop allows for continuous refinement of alert content and timing. By proactively addressing password security, the agent enhances customer satisfaction, reduces support workload, and strengthens overall system security.

Accuracy
TBD

Speed
TBD

Input Data Set

Sample of data set required for Password Expiry Alert Agent:

Account Security Policies

1. Password Expiration Policy

  • Password Expiry: All account passwords must be changed every 90 days to maintain high levels of security and prevent unauthorized access.
  • Notification Schedule:
    • Customers will receive notifications at 7 days, 3 days, and 1 day before the expiration date to remind them to update their password.
    • After password expiration, the account will automatically lock, and customers will be required to reset their password to regain access.
  • Grace Period:
    • In some cases, a 3-day grace period may be provided after the expiration, during which customers can still update their password without a full lockout.
    • After the grace period, account access will be fully suspended until the password is reset.

2. Password Requirements

To ensure account security, passwords must meet the following criteria:

  • Length: Must be at least 12 characters long.
  • Complexity: Passwords must contain at least:
    • One uppercase letter (A-Z)
    • One lowercase letter (a-z)
    • One numeric character (0-9)
    • One special character (e.g., !, $, @, #)
  • Password History:
    • Customers cannot reuse any of their previous 5 passwords.
    • The system will enforce this rule by keeping track of password changes to ensure that a password from the history cannot be used again.
  • Expiration and Change Enforcement:
    • If a password is not updated within the required time frame (90 days), customers will be forced to reset it upon the next login attempt.
  • Invalid Attempts:
    • After 5 consecutive failed login attempts, the account will be temporarily locked for 15 minutes as a security precaution.
    • Customers will be notified of suspicious login attempts to their email for further action.

3. Account Lockout Policy

  • Lockout on Expiry:
    • If the password expiration date is passed without a password change, the account will be automatically locked.
    • During the lockout, customers will not be able to access their account or any associated services until a password reset is completed.
  • Unlock Process:
    • The customer must initiate a password reset process using the "Forgot Password" option on the login page.
    • Once the password reset is successfully completed, the account lockout will be lifted, and the customer will regain full access to their account.
  • Account Suspicious Activity:
    • If unusual activity is detected (such as multiple failed login attempts), the account will be temporarily suspended for security reasons, and the customer will receive an email to verify their identity before reactivation.

4. Two-Factor Authentication (2FA)

  • Requirement:
    • Customers are encouraged to enable two-factor authentication (2FA) for an extra layer of security.
    • 2FA requires a second verification step during login, such as a code sent to the customer’s mobile device.
  • Methods:
    • The 2FA can be set up using the following methods:
      • SMS-based authentication (one-time code sent via text message)
      • Authenticator apps (e.g., Google Authenticator, Authy)
      • Email verification (secondary code sent via registered email address)
  • 2FA for Sensitive Operations:
    • Customers may be required to re-authenticate using 2FA for sensitive operations such as password changes, accessing billing information, or updating security settings.

5. Password Recovery Process

  • Forgotten Password:
    • Customers can reset their password anytime using the "Forgot Password" link on the login page.
    • They will be asked to enter their email address, after which a password reset link will be sent to their registered email.
  • Verification Steps:
    • To enhance security during password recovery, customers may be asked to answer a security question or input a verification code sent to their mobile device or email.
    • Once the password reset is completed, the customer will receive a confirmation email to notify them of the successful update.

6. Security Alerts and Breach Detection

  • Suspicious Login Activity:
    • Customers will receive an alert via email if the system detects multiple failed login attempts or logins from unfamiliar devices or locations.
    • They will be prompted to change their password immediately if unauthorized access is suspected.
  • Security Breach Notification:
    • In the case of a security breach or potential data compromise, affected customers will be notified immediately.
    • They will be required to reset their passwords and review their account activity for suspicious actions.

7. Contact Information for Support

If customers experience issues related to password management, account security, or account lockout, they can contact the support team through the following channels:

  • Email: security-support@fictionalcorp.com
  • Phone: +1-800-SECURE-ME (1-800-732-8736)
  • Live Chat: Available through our customer portal for real-time assistance.

For urgent matters related to account security, customers are encouraged to use the live chat feature for immediate help.

8. Best Practices for Password Security

  • Password Management Tools:
    • Customers are encouraged to use password management tools such as LastPass or 1Password to generate and store secure passwords.
  • Avoiding Phishing:
    • Customers should never share their passwords or personal information via email or SMS. Always verify the legitimacy of any security-related requests before responding.
  • Regular Security Checkups:
    • It is recommended that customers review their account activity regularly and update security settings (such as 2FA) as part of their regular account management routine.

By following these security policies, we ensure a safer and more secure experience for all our customers.

CustomerIDCustomerNameEmailPasswordExpiryDateAccountCreationDate
CUST101Alice Greenalice.green@fictionalcorp.com2024-10-182022-01-05
CUST102Robert Hillrobert.hill@startupheroes.com2024-10-152021-09-10
CUST103Sarah Watsonsarah.watson@globalfintech.com2024-10-192020-03-25
CUST104David Browndavid.brown@techvista.io2024-10-222019-07-14
CUST105Emma Williamsemma.williams@alphalabs.co2024-10-202021-11-29
CUST106Oliver Turneroliver.turner@innovatesoft.com2024-10-172020-05-11
CUST107Mia Rodriguezmia.rodriguez@bluewave.ai2024-10-212022-04-17
CUST108Liam Clarkeliam.clarke@prosys-tech.com2024-10-232021-08-19
CUST109Emily Martinezemily.martinez@cybersecure.com2024-10-252020-06-09
CUST110James Cooperjames.cooper@optimuscloud.com2024-10-242022-03-06

Deliverable Example

Sample output delivered by the Password Expiry Alert Agent:

Personalized Password Expiry Notification for Sarah Watson


Subject: Uh-Oh, Your Password is Expiring Soon, Sarah! 🕒


Hi Sarah,

Hope you're having a wonderful day! 😊 We wanted to give you a quick, friendly reminder that your account password is set to expire tomorrow, on October 19, 2024.

We know things can get busy, so we’re here to help you avoid any interruption to your account. All you need to do is update your password by tomorrow, and you’ll be good to go! Just click the link below to make sure everything stays secure and smooth:

👉 Update My Password Now

Thank you so much for keeping your account safe and secure. We promise it’ll only take a minute, and then you can get back to all the awesome things you're working on!

If you need any help, don’t hesitate to reach out. We’re always here for you.

Warmly,
The Friendly Security Team 😊


P.S.: Remember, your account's security is super important to us! Updating your password helps keep things safe and sound. We really appreciate you taking the time to do this. 💙