Self-service password reset lets users reset passwords without help desk assistance. As a result, help desk no longer needs to verify users over the phone. Instead, users can confirm their identity through a variety of options.
When describing options, enterprise password management vendors focus on the questions they offer. They state browser compatibilities and integration with Microsoft and Mac credential providers. Yet, none of these influence user adoption or alleviate help desk’s burden.
With self-service password reset, there are really two issues at hand. The first relates to password reset options and the second to authentication methods.
Self-service Password Reset Options
Passwords control access to enterprise apps, network servers, and cloud services. Passwords are the most common form of authentication. They represent a simple, inexpensive, and convenient form of authentication.
Enterprise passwords can be reset via one or more of the following methods:
Windows or Mac Login: enable users to reset their passwords to all connected enterprise systems and services via the Windows and Mac login screen.
Web browser: let users reset forgotten passwords, change passwords, unlock accounts, test password strength, and change challenge questions in a web browser.
Phone Reset: call an automated password reset authentication system from a touch-tone phone to unlock accounts, request new passwords, and generate one-time passwords.
Self-service Password Reset Authentication
Authentication pertains to proving who you are. When resetting passwords, the system needs to authenticate who you are. To do so, systems present various challenges in various ways. Common forms of authentication include:
Alternative Email: Use alternate email addresses to authenticate users and add security to workflow. Leverage alternate email to send passcodes, challenge questions, and PINs.
Biometrics: Use fingerprint scans, facial recognition, voice, iris patterns, and even keystrokes for authentication. Protect access to extremely sensitive data, systems, and networks.
Challenge Questions: Prevent unauthorized people from getting access by requiring users to answer questions they selected and answered in advance. Confirm user identities at login.
One-time passcode: Authorize with one-time passcodes sent as SMS to phones and alternate email addresses. Require user authentication by entering unique codes.
Phone: Authenticate users through a touch-tone phone system. Enable PIN, RSA token, and voice recognition. Answer questions, respond to prompts, and enter PINs and codes.
Secure token: Require users to enter RSA SecurID, smart cards, and key fob tokens. Send owners of a particular device unique numbers they enter for login.
SMS: Verify users with SMS sent to web pages, emails, and mobile phones. Provide strong security for your business with no inconvenience to your users.
Voice Recognition: Match to a unique voiceprint for user authentication. Verify identities based on voice characteristics regardless of accent, language, or call quality.
Self-service Password Reset Multi-factor Authentication
The authentication methods above can be combined in an enterprise password manager. A password plus one of the methods is considered two-factor authentication. When two or more authentication methods are applied, you add multifactor authentication. Two-factor authentication and multifactor authentication make unauthorized user access more difficult to pull off.
When passwords are compromised, an attacker must also breach the added authentication before gaining access. By adding authentication, you gain assurance that users are who they claim to be.
When you simplify self-service password management and provide options, you encourage use. For self-service password reset authentication, solutions must be easy to use. They must leverage authentication measures that are both inexpensive and as secure as possible.