Dear Community,
With the release of WebADM 2.4.3, OpenOTP 2.2.26, and OpenOTP Token 1.5.27, RCDevs has introduced a powerful new addition to its Badging capabilities: Password of the Day!
🔄 First, what’s Badging again?
RCDevs’ Badging feature lets users badge-in and badge-out using the OpenOTP Token mobile app. It’s a smart and flexible way to manage user presence, location, and access control policies.
Here’s what it offers:
Access Control Integration: User accounts can remain locked until a badge-in or check-in is performed — ensuring only present users can access resources.
Location-Based Access: You can grant different types of access depending on the user’s location, and dynamically assign them to specific groups.
Network Access Control (NAC): Users are automatically badged-in when their devices connect to the network, linking physical presence with digital authentication.
✨ What’s new?
In these latest versions, you’ll find a new “Password” option under the Lockout Policy section of OptionSets.
As a quick reminder: OptionSets apply custom policy settings to LDAP subtrees. When this new setting is enabled together with Badging, WebADM automatically manages user passwords based on their badging status.
A password is generated and assigned at badge-in.
Once the badge session ends (manually or automatically), the system replaces it with a new, random, high-entropy password.
❓ What happens after badging expires?
When the badge session ends, the system immediately sets a strong, random password — effectively locking the account until the next badge-in.
✅ Why is this useful?
No need to think about password changes or complexity rules.
Personal passwords are completely removed from the equation.
Password policies can be more relaxed — credentials are short-lived and auto-rotated.
No more sticky notes or memorization — just open the OpenOTP Token app to view the daily password.
⚠️ What about service accounts?
This feature should not be used for service accounts — make sure they’re excluded from any OptionSet using Password of the Day.
📧 What about email clients and mobile apps?
Do you have to update the password every day on your mail apps?
No!
Just configure a WebADM Client Policy for your mail system and set the Login Mode to APPKEY. This way, authentication bypasses the LDAP password and works without any daily changes.
👀 How does it look?
Curious to see it in action? Here’s a quick visual preview of the Password of the Day feature inside the OpenOTP Token app.
[Screenshot: User Token before Badge-in/Check operation]
[Screenshot: User Token after Badge-in/Check operation]
Enjoy the magic of automation, location-aware access, and daily-rotated security — all in one feature!