Self-Service Reset Password Management
Empower Users. Free Up IT.
24/7 password resets made easy.
Keep Your Users Productive and Reclaim IT Bandwidth
24/7 Password Reset
Whenever users need to reset their password due to forgotten or expired credentials, they can do so without helpdesk assistance. Verified users can reset their passwords on their own.
A unique “Claim ID” lets your organization protect one of the most vulnerable stages of the user account lifecycle: safely handing off accounts and credentials to new users.
Your employees may update basic personal information on their own. The respective fields and attributes are determined by your administrators to keep the configuration suited for your environment and processes.
Simple and Efficient Password Management
24/7 Password Reset
When users enroll in Self-Service Reset Password Management (SSRPM), they are required to provide answers to security questions. When resetting credentials, re-answering these security questions verifies the user’s identity. Verified users may reset their Active Directory (AD) passwords according to the complexity restrictions you configure. It’s that simple.
24/7 Resets Empower Users: So long as a given user completes the security questions, they can reset their password at any time, from anywhere, on any device.
Reclaim IT Bandwidth: If your helpdesk is spending up to 80% of its time on menial reset calls, many more important IT projects are getting put on the back burner. Free up IT with SSRPM.
SSRPM helps your organization protect one of the most vulnerable stages of the user account lifecycle: safely handing off accounts and credentials to new users.
Most organizations still rely on emails, sticky notes, or intermediaries to hand off new accounts and credentials. However, all of these methods create security risks. Even worse, many organizations still use default passwords or formats for new users that could be easily guessed or socially engineered.
Account Claiming creates each new account along with a unique “Claim ID”; the account may be disabled or set as inactive until a certain date (e.g., the new user’s Day 1). The Claim ID can be something the employee already knows, something they can find in their onboarding documentation (e.g., their employee number), or a value generated at random.
The new user enters the Claim ID into the Account Claiming web portal to select their account. Next, users provide specific but non-sensitive information to verify their identity. Once verified, users can hit the ground running with their accounts right on Day 1.
Secure: Account Claiming’s “Claim ID” provides a massive security boost over emails, sticky notes, intermediaries, and default passwords.
Intuitive: The Account Claiming process is as easy as possible for end-users: enter the “Claim ID,” verify your identity, and you’re off and running.
Productivity: With Account Claiming, you can ensure a new user’s account is set up ahead of time and simply disabled until claimed.
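The claim flow described above, sketched as an added example (not SSRPM code): a pre-provisioned account stays disabled until its start date, is selected by a randomly generated Claim ID that is stored only as a hash, and is enabled once after an identity check. The names `ClaimStore`, `PendingAccount`, the postal-code check and `MAX_FAILURES` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import date

MAX_FAILURES = 5  # assumed limit on wrong identity answers per account

def _claim_hash(claim_id: str) -> bytes:
    # Random Claim IDs are high-entropy, so an unsalted SHA-256 is adequate.
    return hashlib.sha256(claim_id.strip().upper().encode()).digest()

def _norm(value: str) -> bytes:
    return value.strip().casefold().encode()

@dataclass
class PendingAccount:
    username: str
    claim_hash: bytes   # the Claim ID itself is never stored
    verify_value: str   # non-sensitive identity check, e.g. a postal code
    active_from: date   # account stays disabled before this date
    failures: int = 0
    enabled: bool = False

class ClaimStore:
    def __init__(self):
        self._accounts = []

    def provision(self, username: str, verify_value: str, active_from: date) -> str:
        """Create a disabled account and return its random Claim ID."""
        claim_id = secrets.token_hex(8).upper()  # 64 random bits, 16 hex chars
        self._accounts.append(
            PendingAccount(username, _claim_hash(claim_id), verify_value, active_from))
        return claim_id

    def claim(self, claim_id: str, verify_value: str, today: date):
        """Return the username once claimed, or None on any failure."""
        wanted = _claim_hash(claim_id)
        acct = next((a for a in self._accounts
                     if hmac.compare_digest(a.claim_hash, wanted)), None)
        if acct is None or acct.enabled or today < acct.active_from:
            return None
        if acct.failures >= MAX_FAILURES:
            return None  # too many wrong answers: needs manual handling
        if not hmac.compare_digest(_norm(acct.verify_value), _norm(verify_value)):
            acct.failures += 1
            return None
        acct.enabled = True  # single use: an enabled account cannot be re-claimed
        return acct.username
```

A Claim ID that the employee already knows, such as an employee number, is guessable, so in that variant the identity check and the attempt limit carry the security of the handoff.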
With SSRPM, your employees may update basic personal information on their own. For example, changing names due to marriage, moving to a new address, and more can create menial helpdesk calls for updating user data.
With self-service, users can easily make these updates themselves by logging into an online portal. The fields and attributes available to be updated are determined by your administrators to keep the configuration suited for your environment and processes.
User Self-Service: Enabling your users with secure self-service increases both their productivity and satisfaction. Everyone prefers knocking out a quick change over waiting on submitted tickets.
Minimized Helpdesk Calls: Helpdesk tickets for every little change pile up fast. By letting users update their own basic info, your smaller queue lets you focus on more important matters.
Secure Portal: Everything is handled via a secure portal. Users log in and can see all of the AD fields they may update.
Self-Service Reset Password Management
Up to 80% of helpdesk calls are for password resets. SSRPM allows your users to reset their passwords 24/7. Rapid resets enable your employees to get past forgotten password hurdles during user authentication and back to being productive.
The self-service password reset feature allows you to change your password without contacting helpdesk support and also helps reduce the time it takes employees to change their passwords. In addition, it helps prevent fraudulent activity by locking out accounts that have been compromised.
SSRPM also allows for secure user onboarding (“Account Claiming”) and self-service updates to basic personal information in Active Directory. This way, it helps eliminate the mountain of menial reset tickets from your helpdesk’s queue and reclaims valuable IT bandwidth for more important projects.
Self-Service Reset Password Management has several advantages, including:
- Reduced costs associated with customer support calls.
- Improved security through increased control over how passwords are handled.
- Increased productivity for IT staff who do not have to spend time supporting customers.
- Ability to lock out accounts that have been breached.
- Self-service password management features available for both on-premises and cloud environments.
Common Password Reset Ticket Scenarios
The following examples illustrate some common scenarios encountered by helpdesk staff when dealing with password resets:
Example 1 – User forgets their password
This is probably the most common example. A user calls the helpdesk to request that their password be reset. First, the helpdesk team member verifies that the user’s username and domain credentials match what is stored in AD. Once verified, the team member generates a unique password reset ticket. Next, the user is given a temporary password to access their account while waiting for the password reset ticket to be processed. Once the ticket is completed, the user is prompted to change their password.
Example 2 – User changes password without verifying their email address
An employee who recently joined the company calls the helpdesk and requests that their password be reset. First, the team member verifies that the user’s email address matches what is stored in Active Directory. Once verified, the employee is provided with a temporary login credential to allow them to access their account until the password reset ticket is complete. Next, the employee must verify their email address before changing their password. If the email address has been verified, the employee will receive an email notification containing a link to activate their new password.
How Self-Service Password Reset Works
Users have the option to select the “Forgot my password…” link at the bottom of their Windows workstation login prompt. When users click on this link, they may:
- Reset a forgotten password
- Change their password
- Update basic Active Directory user info (e.g., contact information)
- Proceed with their onboarding
Once the user clicks to reset their forgotten password, they will be asked a series of security questions to verify their identity. The user will have already set the security question answers when they first enrolled in SSRPM. After answering the security questions, the user will be able to reset their password according to the complexity restrictions configured by the organization’s IT department.
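The enroll-then-verify step described above, as an added example (not SSRPM code): answers are normalized, stored only as salted PBKDF2 hashes because they are low-entropy, compared in constant time, and verification locks after repeated failures. `Enrollment`, `MAX_FAILURES` and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

MAX_FAILURES = 3       # assumed policy value, not a product default
ITERATIONS = 200_000   # assumed PBKDF2 work factor

def normalize(answer: str) -> bytes:
    # Case, Unicode compatibility forms and spacing should not decide a match.
    text = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(text.split()).encode()

def hash_answer(answer: str, salt: bytes) -> bytes:
    # Security answers are guessable, so use a slow, salted KDF.
    return hashlib.pbkdf2_hmac("sha256", normalize(answer), salt, ITERATIONS)

class Enrollment:
    """Stores one user's enrolled answers as (salt, hash) per question."""

    def __init__(self, answers: dict):
        self.failures = 0
        self.records = {}
        for question, answer in answers.items():
            salt = os.urandom(16)
            self.records[question] = (salt, hash_answer(answer, salt))

    def verify(self, answers: dict) -> bool:
        if self.failures >= MAX_FAILURES:
            return False  # locked: the reset now needs another channel
        ok = set(answers) == set(self.records)
        # Hash every question even after a mismatch so timing does not
        # reveal which answer was wrong.
        for question, (salt, stored) in self.records.items():
            candidate = hash_answer(answers.get(question, ""), salt)
            ok &= hmac.compare_digest(candidate, stored)
        self.failures = 0 if ok else self.failures + 1
        return ok
```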
Examples of Security Questions
You may add your own, but default security questions include:
- In what city did you meet your spouse/significant other?
- What was your childhood nickname?
- What is the name of your favorite childhood friend?
- What street did you live on in third grade?
- What is your oldest sibling’s birthday month and year? (e.g., January 1900)
- What is the middle name of your youngest child?
- What is your oldest sibling’s middle name?
- What school did you attend for sixth grade?
- What was your childhood phone number, including the area code? (e.g., 000-000-0000)
- What was the name of your first stuffed animal?
- In what city or town did your mother and father meet?
- What was the last name of your third-grade teacher?
- What is the first name of the boy or girl that you first kissed?
- What is your maternal grandmother’s maiden name?
- In what town was your first job?
For education/youth users, the following security questions are more applicable:
- Who wrote your favorite book?
- Who is the best superhero (or villain)?
- What is the name of your first-grade teacher?
- What is your favorite sports team?
- What is the name of the scientist you admire?
- What is your favorite outdoor activity?
- If you could be any animal, what would you be?
Improve Password Security
While organizations can set the kind of password they deem acceptable, we advise them to create strong passwords. When it comes to passwords, there are two main types of attack vectors:
Brute force attacks: These are commonly known as dictionary attacks. Dictionary attacks try all possible combinations of characters in order to guess the original password. For example, if you use your first name, last name, date of birth, and street address as part of your password, then someone trying to brute force this password would need to try every combination of letters, numbers, and special symbols to find your password.
Password guessing attacks: These are commonly referred to as rainbow table attacks. Rainbow table attacks involve using precomputed tables of hashes and comparing each hash to a target hash. This type of attack is often used when an attacker knows that a specific user previously used a particular password.
To thwart these attempts, password strength requirements vary depending on which password policy is enforced. However, most organizations require passwords to meet minimum length and complexity rules.