A self-service password reset solution has many useful features that many clients are not aware of. Some of these features, such as advanced authentication, enhance security, while others, such as the offline mode, extend the solution’s functionality to users who need to reset their password but are not currently on the company’s network.
Advanced authentication (a.k.a. multifactor authentication) consists of two parts: email authentication and SMS authentication. Both features provide an added layer of security that prevents a user’s password from being reset by someone who knows, or correctly guesses, the answers to that user’s questions. The email address used can either be set by the user when they enroll in the password reset solution, or the solution can be set to pull it from a specific attribute in Active Directory.
The SMS feature works almost the same way as the email feature does. The phone number can either be set by the user when enrolling or come from a specific attribute in Active Directory. After receiving their PIN code via email or SMS, the user will need to input the PIN into the solution during their password reset. If it is correct, they will be able to complete their reset; if it is incorrect, they will need to start the process over.
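The PIN step described above, sketched as an added example (not code from any particular product): a one-time PIN is issued for a reset in progress, and any wrong attempt discards it so the user has to start over. The class name, the 6-digit length and the 5-minute expiry are assumptions; the page specifies none of them.

```python
import hashlib
import hmac
import secrets
import time

PIN_DIGITS = 6          # assumption: the page does not state a PIN length
PIN_TTL_SECONDS = 300   # assumption: the page does not state an expiry


class PinChallengeStore:
    """Holds one pending PIN challenge per user for a reset in progress."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # user -> (salt, pin_digest, expires_at)

    @staticmethod
    def _digest(salt, pin):
        # Keep a salted digest instead of the PIN itself. The PIN space is
        # small, so single use and expiry are the real protection here.
        return hashlib.sha256(salt + pin.encode("utf-8")).digest()

    def issue(self, user):
        """Create a fresh PIN; the caller delivers it by email or SMS."""
        pin = f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self._pending[user] = (salt, self._digest(salt, pin),
                               self._clock() + PIN_TTL_SECONDS)
        return pin

    def verify(self, user, submitted):
        """Return True only for the correct, unexpired PIN.

        The challenge is removed on every attempt, so a wrong PIN forces
        the user to start the reset over and cannot be retried or replayed.
        """
        entry = self._pending.pop(user, None)
        if entry is None:
            return False
        salt, expected, expires_at = entry
        # Constant-time comparison avoids leaking how much of the PIN matched.
        matches = hmac.compare_digest(expected, self._digest(salt, submitted))
        return matches and self._clock() <= expires_at
```

Because a failed attempt consumes the challenge, guessing costs one delivered PIN per try, which is also a natural place to rate-limit and log.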
The offline module is particularly useful to companies whose employees work remotely and may need to reset their password while not connected to the company network. The user must enroll in the self-service password reset solution while on the company’s network, as the solution will check to see if the user is eligible to use offline functionality. If the user can use it, the solution service will encrypt the necessary data and store it on the local machine. Then, if the user tries to reset their password while not connected to the company’s network, the solution’s reset wizard will open the offline logon data and continue with the password reset.
Another important feature to consider when purchasing a self-service password reset solution is how users can enroll in the product. Many products offer different enrollment options, such as auto-enrollment, on-boarding and a Windows pop-up.
For the auto-enrollment option, data is collected from the HR Information System or the Student Information System (SIS) and used to prepopulate answers in the self-service reset product’s database, thus eliminating the need for employees to complete the enrollment process. Enrolling with the on-boarding method uses a mechanism that gives the end user a unique ID and one-time password (OTP) based on personal information from the HR system or SIS. It ensures that users are enrolled in the product before network access is granted. With the ‘Windows pop-up’ method, a wizard pops up for end users to fill in answers to challenge questions. The wizard cannot be closed until this information is completed, which also ensures enrollment in the self-service reset product.