Hitachi ID Password Manager has an open authentication architecture, and can plug into
existing password systems, corporate directories, two-factor
authentication tokens, PKI certificates and biometric engines.
Users may authenticate into Password Manager as follows:
- On the web portal:
  - By typing their current password to a trusted system (e.g., Windows/AD,
    LDAP, RAC/F, etc.).
  - By answering security questions.
  - Using a security token (e.g., SecurID pass-code).
  - Using a smart card with PKI certificate.
  - Using Windows-integrated authentication.
  - Using a SAML or OAuth assertion issued by another server.
  - By typing a PIN that was sent to their mobile phone via SMS.
- Using a telephone, calling an automated IVR system:
  - By keying in numeric answers to a series of security questions
    (e.g., employee number, date of hire, driver's license
  - By speaking one or more phrases, where the Password Manager server
    compares the new speech sample to one on record (biometric
    voice print verification).
- Using a telephone, calling an IT support technician:
  - By answering a series of security questions, where the technician
    must type the answers into a web portal to authenticate the caller.

Two factor authentication for everyone

Password Manager supports multi-factor authentication for all users,
at no extra cost. This is typically done by combining multiple
credentials, as follows:
- If the user connects from the Extranet, start with a CAPTCHA.
- Next, prompt for the user's login ID.
- Fingerprint the user's browser -- if the indicated user has
  signed on from the same browser before, this can act as an
  unobtrusive authentication factor.
- If the user connects from a browser not seen before, prompt for
  another factor, which may be:
  - If the user had previously enrolled their mobile phone number,
    send a PIN to the user's phone, via SMS and prompt the user to
  - If the user had previously enrolled their personal e-mail address,
    send a PIN to that address, on the assumption that the user has
    e-mail access on their phone.
  - If the user had previously installed Hitachi ID Mobile Access on their phone,
    either use push notification to display a PIN on their phone
    or display a cryptographic challenge in the login screen as a
    QR code, which the user scans with the app.
- Finally, depending on whether the user remembers his password,
  prompt the user to enter it or answer a series of security questions.
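
The step-up sequence above can be modelled as a small planner, shown here as an added example that is not Hitachi ID's code. The `User` record, the challenge names, the preference order among the second factors, and failing closed when nothing is enrolled are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional

class NoSecondFactorEnrolled(Exception):
    """Unknown browser and nothing enrolled; failing closed is an assumption."""

@dataclass
class User:  # hypothetical enrollment record; field names are assumptions
    login_id: str
    known_browsers: set = field(default_factory=set)  # hex digests seen before
    mobile_number: Optional[str] = None
    personal_email: Optional[str] = None
    has_mobile_app: bool = False

def browser_digest(login_id, fingerprint):
    # Bind the fingerprint to the login ID so a digest recorded for one
    # user can never satisfy the known-browser check for another user.
    return hashlib.sha256(f"{login_id}\x00{fingerprint}".encode()).hexdigest()

def browser_is_known(user, fingerprint):
    digest = browser_digest(user.login_id, fingerprint)
    return any(hmac.compare_digest(digest, d) for d in user.known_browsers)

def plan_challenges(user, fingerprint, from_extranet, remembers_password):
    """Return the ordered list of challenges for one login attempt."""
    steps = []
    if from_extranet:
        steps.append("captcha")
    steps.append("login_id")
    if not browser_is_known(user, fingerprint):
        # The page lists these options without ranking them; this order
        # (app, then SMS, then e-mail) is an assumption.
        if user.has_mobile_app:
            steps.append("mobile_app_pin_or_qr")
        elif user.mobile_number:
            steps.append("sms_pin")
        elif user.personal_email:
            steps.append("email_pin")
        else:
            raise NoSecondFactorEnrolled(user.login_id)
    steps.append("password" if remembers_password else "security_questions")
    return steps

if __name__ == "__main__":
    alice = User("alice", mobile_number="+15550100")  # constructed sample user
    print(plan_challenges(alice, "constructed-fp", True, True))
```

A recognised browser removes only the extra factor; the password or security-question step still runs on every path.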