Tools4ever's SSRPM Advanced Authentication module can be used to expand the set of personal verification questions with an additional layer of security in the form of two-factor authentication. Two-factor authentication is achieved by expanding the set of questions (knowledge) with a code sent using a text message or personal email address. The texting and email options can be set for each user group.
To enforce strong two-factor authentication, it is possible to prompt end users to enter a PIN code during the password reset process. This PIN code will be sent to a mobile number previously specified by the user. The main benefit of SMS authentication is that SSRPM is secured more effectively because, in addition to providing answers to personal questions, users must have a personal physical device at their disposal (the mobile phone) to receive the PIN code via SMS.
Helpdesk Caller Identification Web Interface
This web interface is intended to help the helpdesk authenticate users without the user having to give the helpdesk their complete answers to the questions.
It is possible to configure SSRPM to encrypt the answers instead of creating a hash. The advantage of using reversible encryption is that it is possible to use the Helpdesk Caller Identification web interface.
Helpdesk Caller ID Verification
When an end-user directs a request to the IT helpdesk, how does the helpdesk employee determine that the end-user is indeed who they claim to be? With Helpdesk Caller ID Verification it is possible to establish the identity of the end-user over the phone. Each end-user will have enrolled by answering a series of challenge questions (for example, "What is your mother's maiden name?"). By using an intelligent mechanism, the helpdesk assistant cannot view the actual answer to the question, but only parts of the answer (for example, the first and last letter of the answer). This is accomplished by the helpdesk employee asking the caller which letters should be filled in for the answer. In this way it is possible to verify the identity of the caller.
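A minimal sketch of the partial-reveal check described above, as an added example and not Tools4ever's code. The function and class names, the normalization rule, the full masking of short answers and the default of three attempts are assumptions.

```python
import hmac
import unicodedata


def normalize(answer: str) -> str:
    """Case-fold and keep only letters/digits, so spoken letters compare cleanly."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    return "".join(ch for ch in text if ch.isalnum())


def helpdesk_view(answer: str) -> str:
    """Mask shown to the helpdesk: first and last letter only.

    Needs the recoverable answer; a one-way hash cannot be partially shown.
    """
    a = normalize(answer)
    if len(a) < 4:  # assumption: short answers are fully masked
        return "*" * len(a)
    return a[0] + "*" * (len(a) - 2) + a[-1]


class CallerCheck:
    """Server-side check of the letters the caller reads out (hypothetical)."""

    def __init__(self, decrypted_answer: str, max_attempts: int = 3):
        a = normalize(decrypted_answer)
        self._hidden = a if len(a) < 4 else a[1:-1]
        self.remaining = max_attempts

    def verify(self, spoken_letters: str) -> bool:
        if self.remaining <= 0:
            return False  # blocked: even the right letters are refused
        given = normalize(spoken_letters).encode()
        # Constant-time compare; the helpdesk UI only ever receives the boolean.
        if hmac.compare_digest(given, self._hidden.encode()):
            return True
        self.remaining -= 1
        return False


if __name__ == "__main__":
    enrolled = "Van der Berg"  # constructed sample answer
    print(helpdesk_view(enrolled))
    check = CallerCheck(enrolled)
    print(check.verify("a n d e r b e r"))
```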
SSRPM supports several languages, namely English, Dutch, French, German, Spanish, Italian, Portuguese, Polish, Czech, Chinese, and Russian.
- Mobile Friendly: The SSRPM web interface is mobile friendly in order to make the website easier to navigate when using a handheld device.
- CAPTCHA: SSRPM has CAPTCHA functionality which requires users to enter the randomly generated letters and numbers shown in order to verify they are human. This functionality can easily be enabled or disabled by the system administrator.
- 24/7 availability: End-users can reset their password 24 hours a day, including weekends and holidays. This is in contrast to the availability of the IT helpdesk.
- Login possible from anywhere: It's possible to reset passwords from any workstation. SSRPM integrates the "Forgot My Password" button in the organization's logon window or a web portal.
- Offline support: SSRPM now offers offline support for end-users whose laptop does not have a connection with the corporate network and who have forgotten their username and/or password but still want to log into their laptop.
In this scenario, end-users click on the "Forgot My Password" button that is provided on the login screen. SSRPM then presents the same questions as the normal self-service password reset procedure (with network connection). After correctly answering the questions, SSRPM automatically logs the end-user onto the machine.
Security and Flexibility
End-users are authenticated on the basis of a number of predefined questions. Administrators can decide themselves how many incorrect answers can be entered before someone is blocked from using the application.
- Customizable password policy: The system administrator has total control over the complexity of the password policy. For example, a complex password with at least 7 characters or at least 1 uppercase letter can be required. Various password security levels can be configured, from weak to strong.
- Questions configuration: System administrators can modify the complexity by changing the number and content of the test questions themselves. This also applies to the number of attempts the end-user may make to enter the details correctly.
Multi Platform Support
SSRPM supports Windows, Unix, Mainframe, Novell, Lotus Notes, AS/400, Citrix and a variety of web applications such as OWA and NFuse.
Clear and Adaptable Design
The SSRPM Admin Console offers system administrators an overview of all relevant information, such as end-users who have not logged on, an overview of the number of incorrect answers for a new password, and an overview of the current SSRPM status. The GUI, configuration and reporting abilities can be tailored to meet your organizational requirements.
Integration with other Tools4ever Solutions
The web interface of SSRPM is able to show password complexity rules defined by Tools4ever's Password Complexity Manager (PCM) and check if the new password meets the requirements defined by that policy.