Mobile workforce

  • Users need access to SSPR from anywhere, even before they establish a VPN connection.

Global network

  • There may be hundreds of AD DCs.
  • Users can't wait for changes made at one site to affect their account at another.

Smart cards and tokens

  • Users forget their PINs and need to reset those too.

Smart phones

  • These have passwords too.
  • Should be both supported and leveraged.

Full disk encryption

  • Every security-conscious organization is deploying it and feels the pain of key-recovery.

Integrate with IDM

  • Provision a user -- and don't wait before he can do SSPR.
  • Authenticate before launching a federated connection (SAML, WS*, Shibboleth).