While password renewal is a key component of information system security, end users often regard it as one of the greatest irritants of working life. It also very often costs an organisation a lot of money, whether it is managed internally by a department often snowed under with requests at certain times, including just after holidays, or outsourced via managed services. It can also prove counterproductive and end up reducing the quality of passwords used to authenticate on Active Directory or to access Cloud services such as Office 365.
Offering IS users a Self-Service Password Reset (SSPR) solution is therefore an excellent way of allowing them to renew their passwords autonomously if they forget them or when they expire. What’s more, it means your staff, whether in-house or outsourced, do not have to perform this task, which helps deliver an immediate financial gain.
SSPR therefore meets an ROI challenge for a company and increases user satisfaction. However, to be joined up and comprehensive, the solution must be available on users’ workstations (factoring in offline uses) and via a web browser in a portal or a dedicated application. It must be possible to configure it centrally and in an auditable way, and it must offer a range of unlocking methods including answering secret questions, sending OTPs by SMS or email, using a mobile MFA solution or a unique URL, “calling a friend” (sponsorship by another authorised user), etc.
SSPR: simplifying password management… and more!
Although the SSPR acronym might suggest that self-service is limited to password renewal, in reality it must encompass all strong authentication methods used to enable access to the information system.
There are many use cases: forgotten, lost or stolen physical authentication media such as chip cards, contactless badges or FIDO2 keys; empty batteries on telephones running mobile MFA applications; problems with (dirty, wet or faulty) biometric sensors preventing fingerprint recognition, etc.
It is vital to have a “Backup mode” for unlocking users who do not have their main authentication method, whatever it may be, in their possession.
So, in the case of a forgotten password, the solution should enable a user to reset their primary password, while if they forget their physical medium, it should allow them to set a temporary password.
Self-Service Password Reset, a key element in a comprehensive access management strategy
Self-Service Password Reset is very often one of the components of a Global SSO platform that are most visible to users and administrators, even though the platform will have a much wider functional and technical scope.
This platform performs all strong and multi-factor authentication functions, and Single Sign-On (SSO) functionalities such as Web SSO, identity federation and/or Enterprise SSO (eSSO), thus making it part of a genuinely comprehensive IAM strategy.
Our successful experiences of deploying the Self-Service Password Reset (SSPR) solution