Lotus Notes 8.5 Security: Does it Deliver?

Big changes are afoot with the release of Lotus Notes 8.5. The most notable new features are three that were developed to enhance security and user access: the Notes Shared Login, the ID Vault for forgotten password recovery, and Roaming User capabilities.

There are challenges with Notes Shared Login, which IBM itself acknowledges on the IBM Lotus Website. These challenges include certain conditions in which Notes Shared Login cannot be used, as it will not work. Conversely, there are features both old and new that will not work when Notes Shared Login is activated. For example, you cannot use a smart card to log in to Lotus Notes, log in as a roaming user with a roaming ID or run Notes in a Citrix environment. Also, the Roaming User capability that is now featured in Notes 8.5 does not work.

Another key point regarding Notes 8.5 is that, because Notes 8.5 enables users to log into Notes with their Windows password, Lotus implies there is integration with Active Directory when, in fact, there is not. Active Directory and the Active Directory password policies are not used for Notes Client authentication.

Talking to our customers, we find that Active Directory integration is of true value. Having a central point of authentication enables our customers to simplify access for their end-users and centralize management for administrators. 


This is a new blog brought to you by PistolStar, an IT security company specializing in authentication technologies. We will be providing you with our knowledge and perspective on the latest developments in authentication and security, as well as what we are hearing from our customers and organizations who are facing the challenges of securing critical data, controlling user access, monitoring user activity, and meeting the requirements of regulatory compliance — all while maintaining ease of use.  

We welcome you to contribute your viewpoints and help us in building a community of security professionals who have a stake in the evolution of authentication technologies. This is your forum for conveying what works and what doesn’t among the latest authentication solutions and trends.