Self Service Anywhere™
- A user forgot his primary Windows login password.
- The user is away from the office and the corporate AD password is cached locally.
- The video shows how the user can reset the forgotten password from the PC login screen, over WiFi+VPN, and get back to work.
- Users are increasingly mobile.
- Mobile users sign into their corporate laptops with cached domain credentials.
- If a user forgets his Windows password while away from the corporate network, the IT help desk cannot help him, as they cannot access the cached password.
- Using Self-Service, Anywhere, Hitachi ID Password Manager allows mobile users to reset forgotten passwords even while away, enabling them to get back to work before they return to the office.
- Without this technology, a remote user who forgot his password cannot use his PC until he returns -- a major business interruption.
Unlock pre-boot password
- A user forgot his pre-boot password for McAfee ePO Drive Encryption.
- The user can unlock his PC using Hitachi ID Password Manager.
- Access to Password Manager is via the Hitachi ID Mobile Access app on the user's smart phone.
- Unlocking encrypted filesystems.
- Strong authentication prior to unlock.
- Access to self-service using a smart phone, as the PC is locked.
Enrollment of security questions
- A user has been invited to fill in a form with security questions and answers.
- This animation starts after:
  - The user has clicked a link in an e-mail, or
  - a browser window was automatically launched at PC login.
- The user has already authenticated to Password Manager with a password, token or smart card.
- Policy is used to combine user-chosen and standardized questions.
- Some questions may be accessible to the help desk.
- Some questions may be suitable for telephone authentication.
- Usually only a random subset of enrolled questions is used to authenticate a user.
Enrollment of non-standard login IDs
- A user has been invited to fill in a form with login IDs and passwords.
- This animation starts after the user has been invited and has authenticated.
- Multiple authentication steps (security questions, login IDs, biometrics, etc.) are normally integrated into a single process.
- This process eliminates the need to "match" profile data on different systems, which can be costly and unreliable.
- Users don't need to know what a system is "officially" called, eliminating a common cause of misunderstanding between users and IT staff.
- Users must "prove possession" by providing a correct password, making this process totally secure.
RSA SecurID Self-Service Token Support
- A user has forgotten the PIN for his RSA SecurID token.
- Using self-service, he can choose a new PIN.
- Token PIN reset is more commonly accessed via telephone, since tokens are often used to establish a VPN connection.
- Other self-service options include issuing emergency access codes and disabling the token (e.g., if it was lost).
Reminder to change passwords
- A user is reminded, via e-mail, to change passwords.
- Users never volunteer to change passwords.
- Mobile users are not reminded to change passwords by Windows, so an e-mail helps them avoid lockouts.
- An interactive web UI can educate users about password policy and in-scope systems, so it is often preferable to the Windows "Ctrl-Alt-Del" UI.
Assisted password reset
- The experience of a help desk analyst resetting passwords for a user who has forgotten his password or triggered a lockout.
- Help desk staff may be forced to authenticate callers, for example by prompting them with security questions and keying in their answers.
- Help desk staff may be empowered or required to cause new passwords to be immediately expired.
- "Behind the scenes," a help desk ticket is normally created to record the service incident.