Password Station Benefits
Avatier Password Station allows your employees to securely reset their own forgotten password in a matter of seconds from anywhere or anytime using a web browser or Avatier’s automated telephone system without calling the help desk.
By reducing help desk calls your organization will save a significant, and easily measurable, amount of money. Furthermore, Avatier Password Station does not require an army of consultants to deploy. Now you can quickly eliminate your #1 help desk call by installing Avatier’s Password Station on your web server in a matter of minutes without any consulting service fees.
Studies show that approximately 30 percent of all help desk calls occur to help users who have forgotten their passwords get back get back to work. When you take into account employee downtime while waiting to regain network access, each one of these calls costs on average $30. Furthermore, time spent resetting a password is time taken away from the help desk technician helping someone else. Do not let password reset requests flood your help desk call center. Software has been developed by Avatier that allows users to reset passwords themselves without calling an in-house technician.
Password Management Strategic Benefits
Password Station’s self service reset and password synchronization technology delivers instantly recognizable, measurable benefits to your company’s IT staff, bottom line and even employees. In fact, with Password Management your company does not have to sacrifice security for improved quality of service.
- Reduce operational costs
- Increase security and accountability
- Enable strong password enforcement
- Facilitate security compliance
- Ensure employee privacy
- Increase productivity
- Help Desk management
- Enterprise risk management
Improve Security
Password Management adds another layer of security to your existing layered security infrastructure by providing the following improvements:
- Maintain comprehensive audit trails for all heterogeneous password activity.
- Avoid assigning “system administrator” permissions to additional staff to facilitate password reset requests.
- Ensure cross-platform password policies compliance.
- Facilitate more secure policies, such as preventing employees from using common words in their password and over 100 other rules.
- Reduce help desk and administrators from being pressured to return a favor to an employee and bypass password policy.
- Eliminate the chance of help desk personnel not confirming employee identity during brief periods of high call volume.
- Prevent accidental password resets due to human error.
- Guarantee employee identity is verified for all password management activity.
- Improve intrusion detection by acting as a honey pot to trap and alert on all unsuccessful identity verifications.
Reduce Cost
Eliminate the leading source of help desk calls and associated expenses by using Password Management to automate password resets and account unlocks.
Optimize Employee Productivity
Password Management improves employee productivity by consistently reducing password reset to less than a few seconds. Password Management’s password synchronization lowers the number of passwords employees have to remember, to one.
Realize Rapid Return on Investment
Self service automation of password resets with Password Management typically results in a 60-120 day complete return on investment.
Enforce Accountability
Every action performed through Password Management service is stored in an audit log database. Critical alerts and confirmations are e-mailed directly to designated administrators and employees.
Minimize Deployment and Maintenance Costs
Password Management speedy and effortless installation, typically takes two to five minutes plus a reboot. Configuration typically takes 10 minutes allowing for immediate realization benefits without any disruption to your network.
Respect Employee Privacy
Use Password Management to minimize the need for employees to share sensitive personal information with support staff.
Streamline Technology Resources
Although improving productivity for your technology staff is categorized as soft dollar savings, it is important for you to realize the benefits Password Station provides in this area:
- Transform technical resources to offer improved service to employees who have difficult, non-routine questions.
- Concentrate staff efforts on more strategic tasks; such as product evaluations, statistical analysis, call avoidance, troubleshooting, and proactive cyber security operations.
- Reduce staff turnover from recurring mundane support calls.
Maximize Scalability
Integration with Microsoft’s Active Directory and Microsoft’s Windows NT enables Password Management to be extremely scalable because no replication management of external databases or files is necessary. Likewise, leveraging the multithreaded nature of web services, all actions are processed simultaneously. It can support a global corporate enterprise, a dispersed remote user community, and a 200 person office with the same safety, reliability, and ease-of-use across all environments.
Achieve Ease of Use
Resetting your password is as simple as the following three easy steps:
- Identify (enter your account)
- Verify (correctly answer your private questions)
- Reset (enter your new password)
Realize Anywhere Anytime Access
Access to a web browser or telephone ensures an employee can reset a forgotten password and unlock his or her account without requiring any outside assistance.
Decrease Frustration
Now you can eliminate the typical delays, frustration, lost productivity, and overhead typically experienced while waiting on hold for a help desk member to handle your password reset request. Password Management not only removes the burden from the help desk, but lets employees get back to work with a minimal of disruption or delay.
Revolutionary Enhancements
Password Station includes the following revolutionary enhancements:
- Ability to reset locally cached passwords on end user workstations (Windows 98, NT, 2000, XP, Vista and Windows 7)
- Transparent password synchronization
- Administrators can check for new versions of the software through Avatier’s LiveUpdate
- Optional agentless telnet and ssh connectors for any platform
- Support for RSA SecurID without requiring end user identity enrollment
- The world’s first and only self-service password reset through a telephone authenticated by RSA SecurID
- Support for resetting local Lotus Notes ID files while preserving settings
- Support for resetting Tru64 and VMS passwords
- Support for designating any LDAP directory as primary repository and user authentication source
- Enterprise password reset help desk console now displays real-time audit log
- Internationalization with support for over 26 different languages, including double byte languages
- Built-in real-time cost savings analysis reports with support for over 50 international monetary dominations
- Password Station is now a component of Avatier’s Identity Management Server (AIMS) which includes Account Terminator and Account Creator
Accessibility
Successful self-service password management initiatives depend heavily on how many people use the solution. You will not see a call reduction and likewise an immediate cost savings if your end users can’t or won’t access the self service solution you deployed. Avatier’s Password Station offers six access options to provide the ease of use, instant availability, and flexibility to accommodate the needs of any size business.
Universal Web Access
Allows end users to securely access Password Management from any web browser, including NetScape, Mozilla, and Microsoft Internet Explorer. This option does NOT require deploying any desktop software.
Secure Kiosk System
Provides the most secure and efficient method for end users to securely access Password Station from the Microsoft Windows logon screen on their own workstation even when they cannot remember their password. Ensures end user privacy and convenience. Improves self-service adoption and use by 40%.
Group Policy Kiosk with Avatier’s Secure Browser
Securely grants end user access to Password Management through a locked-down, shared Microsoft Windows user account that has no permissions. This option is designed for organizations who do not want to deploy software to the desktop, but would still like end users to securely reset their password at their workstation.
Enterprise Web Password Reset Help Desk Console
Allows help desk personnel to use one enterprise help desk console for all password resets and account unlocks regardless platforms without requiring administrative privileges on any of the target platforms. This option does NOT require deploying any desktop software.
PIN Number Telephone Access
Enables end users to reset their password from any where using any touch tone phone. This simple interface only requires the end user to enter known identity numbers. Integrates with your existing PBX systems and installs in under an hour.
Secure RSA Telephone Access
Password Station is the only product that seamlessly integrates with your existing RSA SecurID card infrastructure to provide the most secure and robust phone password reset and synchronization solution on the market today. Integrates with your existing PBX systems and installs in under an hour.
Platforms Supported
Avatier’s Identity Management Server (AIMS) supports over 60 of the leading network operating systems, directories, databases, and applications.
Password Policies
Your password can be cracked in less than 14 seconds if your password is contains words found in a dictionary. These threats and many others require that organizations must enforce strong password policies. Password Station cross platform password management allows you to centrally define and consistently enforce strong password policies to ensure compliance with your corporate security guidelines and maximize data security.
Password Synchronization
Avatier’s transparent password synchronization and manual end user selective synchronization provides maximum flexibility.
Auditing
All activity is audited and tracked.
Reporting
A combination of real-time and schedule reports makes wins the hearts of IT professionals and managers.
- Scheduled Usage Reports: Summary and detailed usage reports of all password resets, account unlocks, failed answers to identity questions, failed password resets, phone password resets, and more are sent hourly, daily, weekly, or monthly to system administrators.
- Enrollment Report: System Administrators can run a report to determine who is currently enrolled and who is not.
- Utilization and Licensing Reports: Active monitoring of number of licenses, enrolled users and utilization rate.
- Custom Reports: Using Crystal Reports or Business Objects custom reports can be run against the SQL database.
- Enterprise Risk Reduction: Password Management is designed from the ground up to be the state of the art integration platform utilizing the latest in web service technology.
Secure pre-logon password reset button
Allows users to securely reset their forgotten password from the privacy and convenience of their own workstation’s Ctrl-Alt-Del pre-logon window without calling the help desk or disrupting a co-worker. Avatier supports any system running Microsoft Windows NT, 2000, XP, 2003 and 7. Additionally, Avatier’s GINA (Secure Kiosk Logon) works with any other system and can be deployed through Group Policy.
Secure Telephone Reset
End users can quickly self-identify, verify, and securely reset their forgotten password anytime with any touch-tone telephone, cell phone, or PDA phone. It now supports RSA SecurID authentication.
Changes locally cached passwords
No other solution automatically changes your locally cached domain password credentials. This prevents your logon session from locking out preventing access to Microsoft Outlook, network resources, folder replication and internal web sites using integrated Microsoft security.
LiveUpdate
Automatically maintain the latest software version of Avatier’s Identity Management Server (AIMS) without the associated administrative burden and expenses. Allows administrators to check for and automatically install new versions of the software through Avatier’s LiveUpdate
Web Services Infrastructure
Avatier’s solutions consume any web service, making it possible to integrate with any platform. Additionally, our solutions publish web services enabling easy integration with any automated process regardless of the target development language.
Built-in Real-Time Redundancy and Super Scalability
Avatier’s solutions do not require any centralized database, but instead leverage any existing LDAP directory such as Sun, Novell, IBM, Oracle, Microsoft’s Active Directory, and even Microsoft’s Windows NT as our application primary secure repository. This allows organizations to simply deploy multiple web servers for real-time redundancy and maximum system availability with minimal support overhead.
Software Development Kit (SDK)
Allows system integrators and paying customers to develop password reset and synchronization connectors for third party or custom applications. Useful code samples reduce development time. Optionally, Avatier will assist with the development and integration of the first custom application.
Configurable Directory Storage Location – No Schema Extensions
System Administrators can choose the location to store answers to employee’s private identity questions in any LDAP Directory or Microsoft Directory without extending the schema. Optionally, for those organizations who prefer to store identity data in extended fields, Avatier’s solutions will also support schema extended fields. Tested by some of the governments toughest security sites, Password Station has proven to be very secure.
Honors password history
Password Management is the only product that honors password history without storing decryptable copies of end user’s current and prior passwords anywhere.
Silent Alarms
Critical events are emailed directly to the designated employees and administrators which will ensure that organizations are immediately aware of suspicious activity. For example, emails are automatically sent to system administrators:
- Whenever an employee fails to correctly answer their identity questions
- Whenever an employee fails to correctly enter their existing password
- Anytime a global system configuration change is made
Emails are automatically sent to employees:
- Whenever a failure to correctly answer their identity questions is detected
- Upon successful password reset or account unlock to verify user initiated
- Specified number of days as their password is expiring
- Audit controls are customizable for any successful or unsuccessful transactions
Enhanced Password Policy Enforcement with Word list Filtering
Strong integration with Password Bouncer to deliver unmatched password enforcement across multiple platforms, by preventing users from selecting vulnerable passwords that can be easily cracked by hackers.
Highly Secure Web Service Design
Avatier’s Identity Management Server (AIMS) solutions are not script-based. Scripts can be manipulated before or after they reach the target computer. Script based solutions require an army of consultants to implement.
- Host computer specific asymmetrical encryption keys
- Automatic exclusion of Root and other privileged system accounts
- Ability to exclude additional accounts by account or group name
- Only accepts requests from defined IP addresses
- No Unix Admin passwords are stored anywhere
- Configurable Web Service TCP communication port
- Communicates SOAP over SSL (SOAPS)
- Requires WSDL path and documented parameters to communicate
Centralized Auditing and Real-time Event Logging
Captures who did what to whom and when for every transaction stores to a central SQL database. The reports can be customized and displayed in real-time through a web interface. The reports can be exported to Excel or Text files.
System Configurable Number of Identity Questions
Employee’s can be required to answer as few as 2, or as many as 9 identity questions. Completely configurable identity questions, add, edit, retire.
Cascading Identity Questions
Employee’s cannot see their second question until the first question is answered correctly. This prevents social engineering.
Automatic De-enrollment after Identity Questions are Answered Incorrectly
Configurable auto-lockout on failed authentication. System Administrators can configure a threshold to de-enroll an account after their identity questions are answered incorrectly too many times.
Force Password Change at Next Login
Employee’s can be forced to change their password at Microsoft Windows NT or Active Directory login time. Avatier enterprise password reset help desk console has several key features necessary for large organizations.
Delegated Access to Cross-Platform Password Reset & Account Unlock
Leverages your existing Microsoft groups and user accounts to delegate cross platform password reset and account unlock access to Help Desk individuals.
Displays Real-time Cross Platform Account Status
Help Desk personnel can obtain real-time account status on any platform, for any user. Status includes: Account Disabled, Account Lockout Status, Password Expiration Date, Password Age, Full Name and more.
Guarantees End-User Identity
The Help Desk module can be configured to not allow password reset until the end-user’s identity has been confirmed. It can also be configured to manage non-enrolled accounts.
Real-time Audit Trail of End User Activity
Help desk personnel have access to view all prior end user self-service and help desk activity. This allows help desk personnel to quickly analyze any issues with the customer as it is occurring.
Exclude Individuals or Groups from Help Desk Management
Select specific users or groups to be excluded from Help Desk management.
Centralized Auditing and Real-time Event Logging
Who, what, when, and where are stored in a central SQL database. Built in filtering and sorting on any field or timeframe and displayed in real-time through a web interface. The reports can be exported to Excel or Text files.