Self-service Password Reset Authentication Options

Authentication is near.

Self-service password reset lets users reset passwords without help desk assistance. As a result, help desk no longer needs to verify users over the phone. Instead, users can confirm their identity through a variety of options.

When describing options, enterprise password management vendors focus on the questions they offer. They state browser compatibilities and integration with Microsoft and Mac credential providers. Yet, none of these influence user adoption or alleviate help desk’s burden.

With self-service password reset, there are really two issues at hand. The first relates to password reset options and the second to authentication methods.

Self-service Password Reset Options

Passwords control access to enterprise apps, network servers, and cloud services. Passwords are the most common form of authentication. They represent a simple, inexpensive, and convenient form of authentication.

Enterprise passwords can be reset via one or more of the following methods:

Windows or Mac Login: enable users to reset their passwords to all connected enterprise systems and services via the Windows and Mac login screen.

Web browser: let users reset forgotten passwords, change passwords, unlock accounts, test password strength, and change challenge questions in a web browser.

Phone Reset: call an automated password reset authentication system from a touch-tone phone to unlock accounts, request new passwords, and generate one-time passwords.

Self-service Password Reset Authentication

Authentication pertains to proving who you are. When resetting passwords, the system needs to authenticate who you are. To do so, systems present various challenges in various ways. Common forms of authentication include:

Alternative Email: Use alternate email addresses to authenticate users and add security to workflow. Leverage alternate email to send passcodes, challenge questions, and PINs.

Biometrics: Use fingerprint scans, facial recognition, voice, iris patterns, and even keystrokes for authentication. Protect access to extremely sensitive data, systems, and networks.

Challenge Questions: Prevent unauthorized people from getting access by requiring users to answer questions they select and answer. Confirm user identities at login.

One-time passcode: Authorize with one-time passcodes sent as SMS to phones and alternate email addresses. Require user authentication by entering unique codes.

Phone: Authenticate users through a touch-tone phone system. Enable PIN, RSA token, and voice recognition. Answer questions, respond to prompts, and enter PINs and codes.

Secure token: Require users to enter RSA SecurID, smart cards, and key fob tokens. Send owners of a particular device unique numbers they enter for login.

SMS: Verify users with SMS sent to web pages, emails, and mobile phones. Provide strong security for your business with no inconvenience to your users.

Voice Recognition: Match to a unique voiceprint for user authentication. Verify identities based on voice characteristics regardless of accent, language, or call quality.

Self-service Password Reset Multi-factor Authentication

The authentication methods above can be combined in an enterprise password manager. A password plus one of the methods is considered two-factor authentication. When two or more authentication methods are applied, you add multifactor authentication. Two-factor authentication and multifactor authentication make unauthorized user access more difficult to pull off.

When passwords are compromised, added authentication must be breached before gaining access. By adding authentication, you assure identities are who they claim to be.
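An added example, not from the original post or any vendor's product: a minimal reset gate in Python that issues a one-time passcode with an expiry, a guess limit and single use, and allows the reset only after a required number of methods have passed. The class, constants and method names are hypothetical, and the policy values are assumptions.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # assumed validity window for an issued code
MAX_ATTEMPTS = 3        # assumed guess limit per issued code
REQUIRED_METHODS = 2    # assumed policy: two methods must pass before reset


class ResetSession:
    """Tracks one user's reset attempt (hypothetical helper, in-memory only)."""

    def __init__(self, user, now=time.time):
        self.user = user
        self._now = now            # injectable clock so expiry can be tested
        self._otp_hash = None      # only a hash of the code is kept
        self._otp_expiry = 0.0
        self._attempts = 0
        self.passed = set()        # names of methods verified so far

    def issue_otp(self):
        """Create a 6-digit code; the caller delivers it by SMS or alternate email."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._otp_hash = hashlib.sha256(code.encode()).digest()
        self._otp_expiry = self._now() + OTP_TTL_SECONDS
        self._attempts = 0
        return code

    def verify_otp(self, submitted):
        """Check a submitted code against expiry, guess limit and single use."""
        if self._otp_hash is None or self._now() > self._otp_expiry:
            self._otp_hash = None
            return False
        self._attempts += 1
        candidate = hashlib.sha256(submitted.encode()).digest()
        ok = hmac.compare_digest(candidate, self._otp_hash)  # constant-time compare
        if ok or self._attempts >= MAX_ATTEMPTS:
            self._otp_hash = None  # burn the code on success or after too many guesses
        if ok:
            self.passed.add("one_time_passcode")
        return ok

    def record_method(self, name, verified):
        """Record the outcome of another method, e.g. challenge questions."""
        if verified:
            self.passed.add(name)

    def may_reset(self):
        """The reset is allowed only once enough distinct methods have passed."""
        return len(self.passed) >= REQUIRED_METHODS
```
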

When you simplify self-service password management and provide options, you encourage use. For self-service password reset authentication, solutions must be easy to use. They must leverage both inexpensive authentication measures and the most secure ones.

Self-service password reset must be part of a complete enterprise solution. To increase user adoption and lower your IT burden, the more authentication options the better.

Written by Trevor Harp

Trevor Harp currently serves as the Director of Customer Success at Avatier, an enterprise identity management and IT security company. In his role, Trevor ensures breakthrough experiences for new customers and continuous improvement for existing ones. Trevor is a top-performing sales management professional with over 17 years’ experience in direct B2B and OEM enterprise software and technology sales and national account management. Previously, Trevor served as Global Business Development Director at Keyence, a leading factory automation equipment manufacturer, where he was responsible for global business development efforts with multi-national customers and emerging international markets.