Users sometimes forget their primary PC login password or trigger an intruder lockout. It is desirable to enable these users to access self-service to resolve their problem, but there is a catch: they cannot sign into their PC so cannot access a conventional web browser or other PC application. How then can they access self-service?
The technical challenge is how to connect users to a self-service mechanism from a pre-login context. The mechanism offered must be evident (or users won't find it), easy to use and secure.
There are three contexts that complicate this problem:
- When a user is locked out of the OS login screen; and
- When a user is physically off-site; or
- When a user is unable to unlock the encrypted drive of his PC, at a pre-boot password prompt.
Solution Alternatives
When users forget their primary password or trigger an intruder lockout, they are in a Catch-22 situation: they cannot log into their computer and open a web browser but cannot open a web browser to fix their password and make it possible to log in.
Hitachi ID Password Manager includes a variety of mechanisms to address the problem of users locked out of their PC login screen. Each of these approaches has its own strengths and weaknesses, as described below:
* Edge must be used in Desktop Mode
|
Option | Pros | Cons |
---|---|---|---|
1
|
Ask a neighbor:
Use someone else's web browser to access self-service password reset.
|
|
|
2
|
Hitachi ID Login Assistant:
Extends the login screen of Windows systems
|
|
|
3
|
Secure kiosk account (SKA):
Sign into any PC with a generic ID such as "help"
and no password. This launches a kiosk-mode web browser
directed to the password reset web page.
|
|
|
4
|
Hitachi ID Mobile Access:
Deploy a mobile app, combined with a proxy server in the cloud,
to allow users to access the password reset system from their
smart phone.
|
|
|
5
|
Telephone password reset:
Users call an automated system, identify themselves using
touch-tone input of a numeric identifier, authenticate with
touch-tone input of answers to security questions or with
voice print biometrics and select a new password.
|
|
|