Self-service Password Reset

Enable users who forgot or locked out their password to resolve their own problem.

Users who have forgotten a password or triggered an intruder lockout can sign into Bravura Pass using other types of credentials to reset their password or clear the lockout. Non-password authentication options include security questions, voice biometrics, smart cards, hardware tokens and random PINs sent to a user's mobile phone using SMS.

Access to self-service is available from a PC web browser, from the Windows login screen, using a telephone or using the mini web browser on a smart phone.

Users can authenticate to self-service password reset or PIN reset system using any combination of the following mechanisms:

  • By typing their current password to a trusted system (e.g., Windows/AD, LDAP, RAC/F, etc).
  • By answering security questions.
  • By offering up a biometric sample, which is validated by a trusted service or API.
  • Using the Bravura Security Mobile Access smart phone app to scan a cryptographic challenge displayed on the user's PC screen as a QR code.
  • Using third party smart phone apps, such as Duo Security or Google Authenticator.
  • Using a hardware or software security token (e.g., RSA SecurID).
  • Using a smart card with a PKI certificate.
  • Using Windows-integrated authentication.
  • Using a Security Assertions Markup Language (SAML) or OAuth assertion issued by another server.
  • By typing a PIN that was sent to their mobile phone via SMS.
  • Using a device/browser fingerprint and/or cookie, for example to compare current login to previous events.

Watch a Movie

Self Service Anywhere™

hipm-pw-reset-win10-nb-thumb

 

Content:

  • A user forgot his primary Windows login password.
  • The user is away from the office and the corporate AD password is cached locally.
  • The video shows how the user can reset the forgotten password -- from the PC login screen, over WiFi+VPN and get back to work.

Key concepts:

  • Users are increasingly mobile.
  • Mobile users sign into their corporate laptops with cached domain credentials.
  • If a user forgets his Windows password while away from the corporate network, the IT help desk cannot help him, as they cannot access the cached password.
  • Using Self-Service, Anywhere, Bravura Pass allows mobile users to reset forgotten passwords even while away, enabling them to get back to work before they return to the office.
  • Without this technology, a remote user who forgot his password cannot use his PC until he returns -- a major business interruption.

Locked out Windows user resets own password (no software footprint)

hipm-pw-reset-ska-nb-thumb

 

Content:

  • A user has either forgotten his password or triggered an intruder lockout.
  • The user's PC runs any version of Windows.
  • The user wishes to unlock his account without calling the help desk.

Key concepts:

  • Access to SSPR is available using a secure kiosk account.
  • This approach eliminates the need to install any software on the PC.
  • The trade-off is a special domain account, typically called help which every user can sign into but which has minimal security entitlements.

User Interfaces

Self-service password reset is available from a full screen or mobile phone web browser, from the PC login prompt and from a telephone.