Avatier

Delegate NT Permission Password Reset to your Employees  
Frequently Asked Questions

General Questions

What is Password Reset Station?
Password Reset Station allows users who forgot their password, or accidentally locked themselves out of their own accounts, to reset their own passwords and reactivate their own accounts without any assistance from the help desk. This improves employee productivity by ensuring round-the-clock access to vital business resources and applications. It saves time for the user by automating password reset and significantly reduces call volume to the help desk.

How is Password Reset Station used?
To reset a password using Password Reset Station at work, on the road, or at home, the user simply accesses the corporate designated Password Reset Station Web page from any Internet connection. After entering their domain name and network ID, they will be prompted to answer their personal identity verification questions.  If the questions are answered correctly, Password Reset Station allows the authenticated user to securely select a new password and unlock their account.

How does self-service password reset work?
If users are locked out at their computer's login screen, they log in with a special secure kiosk account. This account is typically called HELPME and has no password. When users log in with this account, a web browser runs in kiosk mode instead of the normal Windows desktop.

Alternatively, using a traditional web interface, users enter their network login ID.

  • Password Reset Station™ prompts users to authenticate -- by answering personal questions.

  • Once users correctly answer their personal questions, they can reset their own password or unlock their account. Locked-out accounts are automatically unlocked.

How does Password Reset Station authenticate users?
Password Reset Station authenticates users with two personal identity questions that were chosen from a virtually unlimited list of customizable questions presented at enrollment time.  Password Reset Station ships with a few dozen open-ended sample questions, but this list can be expanded and edited by Password Reset Station administrators.

What happens if a user fails the authentication process?
Password Reset Station will not allow a password reset or an account unlock until proper authentication occurs. All attempts (and failures) are logged, and the application can be configured to automatically send an e-mail notification to your security administrator or the Help Desk group, as well as to the employee whose account is the subject of the reset attempt.

How does the Help Desk know if a password reset has been performed?
Password Reset Station can log all activity and send e-mail alerts to your Help Desk, if desired. Password Reset Station provides a detailed audit trail that can be exported into Microsoft Excel or Access for further analysis.

How does the user know if the password reset was successful?
The user will see a “success” message upon completion of a successful password reset.

What are the procedures if a password reset is not successful?
If a reset fails, the product can be configured to generate an error message and an e-mail notification. The employee would have to call the help desk for assistance if for some reason they were unsuccessful in resetting their password through the system.

What is the cost of Password Reset Station? Does Avatier offer a software maintenance program? If so, what does it cost? What are the details?

Pricing for Password Reset Station depends on the number of employees you want to enroll in the system and the number of platforms you want to allow self-service account administration. 

A software maintenance plan is also available, which we highly recommend due to Avatier’s rapid development cycle.  Your organization will always have the latest software version and best customer support when you are subscribed to our software maintenance plan.

Contact an Avatier sales representative at info@avatier.com for pricing details.

Design and Architecture Questions

What are the components of Password Reset Station?
Password Reset Station is comprised of several integrated technologies that are designed for the Microsoft .NET platform, but they are 100% backward compatible to Microsoft Windows NT 4.0 and Windows 2000 Active Directory for use in your current environment.  These components include:

  • Microsoft Windows 2000 Server or higher operating system
  • Microsoft .NET extensions (included with installation of Password Reset Station)
  • Microsoft Internet Information Server (IIS) v5.0 or higher
  • Access to a Domain Administrator ID and password
  • Web Browser

How does Password Reset Station integrate with my Microsoft Network Operating System?
Password Reset Station uses the latest Microsoft tools and supported Application Programming Interfaces (APIs) to communicate with domain controllers on NT4, Windows 2000, and/or Windows .NET platforms. This approach ensures that Password Reset Station will work with your existing and future infrastructure. All communications between the host server and domain controllers are encrypted using industry standard tools.

Does Password Reset Station client interface require Java?
No.  Password Reset Station uses the latest Active Server Pages technology (ASP.NET), XML, and HTML.  The backend cross platform agents do use Java to provide maximum openness for expandability.

Security Questions

Is Password Reset Station’s communication from the host service to the Domain Controller secure?
Yes.  All communications between the host server and domain controllers are encrypted using the operating system's native encrypted communications.

Is Password Reset Station’s communication from the host service to the cross platform Java agent secure?
Yes. All communications between the host server and Java agents are uniquely encrypted per Java agent using RSA X.509 public and private key certificates. This means each Java agent can have its own RSA encryption certificate.

Can communication from web client to the host service be secured?
Yes. Avatier recommends setting up a certificate server and using HTTPS to secure communication between the Microsoft IIS server and the client's browser.

Does Password Reset Station encrypt the answers to personal identity questions?  Where are these answers stored?
All answers to personal identity questions are encrypted using 3DES and hashed with MD5, then stored in either Active Directory or the NT 4.0 SAM database. For even tighter security, the personally chosen questions are not stored with the answers. There is no need for messy synchronization databases; we keep it all native.
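As an added illustration (not Avatier's code, and not a description of how the product stores answers), the example below contrasts a bare MD5 digest of an answer with a per-user salted PBKDF2 verifier checked in constant time. The normalization rule, the iteration count and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import os
import unicodedata

ITERATIONS = 200_000  # assumed work factor for PBKDF2-HMAC-SHA256


def normalize(answer: str) -> bytes:
    """Fold case, Unicode form and whitespace so ' Rex' and 'rex' match."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(text.split()).encode("utf-8")


def md5_verifier(answer: str) -> str:
    """Bare, unsalted MD5: equal answers always produce equal digests,
    so anyone who can read the stored values can spot shared answers
    or test guesses at very high speed."""
    return hashlib.md5(normalize(answer)).hexdigest()


def enroll(answer: str) -> tuple[bytes, bytes]:
    """Return (salt, verifier) using a fresh random salt per user and question."""
    salt = os.urandom(16)
    verifier = hashlib.pbkdf2_hmac("sha256", normalize(answer), salt, ITERATIONS)
    return salt, verifier


def verify(answer: str, salt: bytes, stored: bytes) -> bool:
    """Recompute the verifier and compare without leaking timing."""
    candidate = hashlib.pbkdf2_hmac("sha256", normalize(answer), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Constructed sample: two users who both chose the same pet name.
    print(md5_verifier("Rex") == md5_verifier("rex "))   # identical digests
    (s1, v1), (s2, v2) = enroll("Rex"), enroll("Rex")
    print(v1 != v2, verify(" REX", s1, v1), verify("Max", s1, v1))
```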

Does the product add any security constraints beyond that of NT/2000?
Password Reset Station only utilizes the security APIs that Microsoft supports and recommends for the Windows NT 4.0, Windows 2000, and .NET server platforms. Since Password Reset Station utilizes Microsoft’s IIS technology, Avatier recommends that all Microsoft security patches and procedures be followed for protection against outside attacks. As with any system, virus scanning should be up to date and actively protecting the Password Reset Station server. Avatier recommends installing a certificate server to encrypt all communications between the web browser and Password Reset Station host.

What auditing/logging capabilities are available?
Password Reset Station activities are logged on the computer running the Password Reset Station service. All attempts (and failures) and administrative changes are logged, and the application can be configured to automatically send an e-mail notification to your security administrator or the Help Desk group.

Scalability Questions

Do I have to install any software on my users' desktops?
No. Password Reset Station enables your end users to enroll in the system, securely reset their password, and unlock their accounts by using a relatively current Microsoft web browser.

Can Password Reset Station be used to manage multiple domains at one time?
Yes, as long as a Microsoft NT Trust has been established.

Can the product generate alerts based on failed attempts to reset a password?
Yes.  All attempts (and failures) are logged and the application can be configured to automatically send an e-mail notification to your security administrator or the Help Desk group.
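The logging and alerting answers above describe recording every attempt and failure. As an added example (not part of the product or its documentation), this is one way a reviewer could scan an exported audit trail for bursts of failed identity verification and for resets that succeed right after such a burst. The CSV columns, event names, threshold and window are all assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export; column and event names are assumptions,
# not the product's actual audit schema.
SAMPLE = """timestamp,account,event
2007-03-01T09:00:05,jdoe,VERIFY_FAIL
2007-03-01T09:01:10,jdoe,VERIFY_FAIL
2007-03-01T09:02:30,asmith,VERIFY_FAIL
2007-03-01T09:03:00,jdoe,VERIFY_FAIL
2007-03-01T09:04:15,jdoe,RESET_OK
2007-03-01T09:05:00,asmith,RESET_OK
2007-03-01T11:00:00,blee,VERIFY_FAIL
2007-03-01T11:30:00,blee,VERIFY_FAIL
2007-03-01T12:00:00,blee,VERIFY_FAIL
"""


def find_alerts(export_text, threshold=3, window=timedelta(minutes=10)):
    """Return (timestamp, account, reason) tuples for failure bursts
    and for resets that succeed while a burst is still in the window."""
    recent = defaultdict(deque)  # account -> timestamps of recent failures
    alerts = []
    rows = sorted(csv.DictReader(io.StringIO(export_text)),
                  key=lambda r: r["timestamp"])  # ISO timestamps sort as text
    for row in rows:
        when = datetime.fromisoformat(row["timestamp"])
        fails = recent[row["account"]]
        while fails and when - fails[0] > window:
            fails.popleft()  # drop failures that aged out of the window
        if row["event"] == "VERIFY_FAIL":
            fails.append(when)
            if len(fails) == threshold:  # alert once, when the burst forms
                alerts.append((row["timestamp"], row["account"], "failure burst"))
        elif row["event"] == "RESET_OK" and len(fails) >= threshold:
            alerts.append((row["timestamp"], row["account"],
                           "reset after failure burst"))
            fails.clear()
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE):
        print(alert)
```

A single mistyped answer followed by a successful reset (asmith) and failures spread over hours (blee) produce no alert; only the account with three failures inside ten minutes is reported.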

Performance Questions

Does Password Reset Station affect Windows NT/2000/2003 operations and performance?
Password Reset Station does not affect normal Windows NT4/2000/2003 operations.


 Copyright © 1995-2007 Avatier Corporation. All rights reserved.
 All other trademarks or registered trademarks are owned by their respective holders.