Users who forget their passwords can dial an interactive voice response (IVR) system with any telephone and initiate a password reset. Authentication is typically either with touch-tone input of answers to security questions, whose answers are numeric, or by prompting the user to speak the answer to a security question and performing a biometric voiceprint match.

The call flow in an existing IVR system can be extended to handle this type of self-service, integrating with Hitachi ID Password Manager via its API to effect password or PIN resets. Alternately, relevant calls can be rerouted to Hitachi ID Telephone Password Manager, which can handle the entire call flow itself. Telephone Password Manager is bundled with Password Manager (no cost).

Note that IVR systems cannot change passwords cached locally on the user's PC, so are mainly appropriate for resetting VPN passwords, Extranet passwords and PC login passwords for users whose PC is physically attached to the corporate network.

IVR design questions

When deploying a self-service system with a telephony user interface, some key design questions must be answered:

  1. How will users identify themselves?
  2. How will users authenticate themselves?
  3. Will users have the option to clear intruder lockouts separately from resetting passwords?
  4. Will users have the option to choose on which systems to reset passwords or will password synchronization be implicit?
  5. Will users have the ability to choose their own new password, or will one be randomly generated?

Password Manager can be configured in a variety of ways, to support different answers to each of the above questions. Following are suggestions for best practices, intended to streamline the IVR user experience without adversely impacting security:

  1. User identification:

    The simplest solution is to map users' network login IDs, which are alphanumeric, to their digit equivalents on user telephone keypads. In the few cases where multiple users have the same numeric version of their login ID, the IVR system can ask the user to choose the correct identifier.

    This approach is less costly and more reliable than speaker independent speech-to-text technologies.

    A viable alternative is to prompt users to type a well known personal numeric identifier, such as an employee number. The only caution with this alternative is to ensure that all users actually have and know their own identifier (e.g., obscure employee numbers, contractors without an employee number, etc.).

  2. User authentication:

    Robust authentication is the cornerstone of system security. The best practice is to invite users to enroll a biometric voice print sample (during general Password Manager enrollment, not as a separate project). The voice print on file can be matched against a fresh sample taken when a user needs service.

    A somewhat less expensive option is to invite users to enroll personal, numeric answers to security questions. Users may provide their driver's license number, date of birth, last-4-SSN, etc. at enrollment time and be prompted to key in the same data at authentication time.

  3. Clear lockout as a separate option:

    User interaction with a telephone is sequential and slow. This can make the process frustrating and it is therefore desirable to minimize interaction. For this reason, a separate feature to clear an intruder lockout -- which would add a navigation step -- is not recommended (but it is technically supported).

  4. One password or many:

    For the same reason as above, it makes sense to offer users a password reset on all systems, rather than one at a time. Resetting multiple passwords eliminates the need for users to specify which password they need reset.

  5. Password selection:

    Again, to limit user interaction, it is easier to have the IVR system generate a random password, enunciate it to the user and ask the user to accept it. This eliminates awkward manual input of password values using a telephone's keypad. When passwords are reset, they should be set to immediately expire in any case, so that users will have to choose their own, permanent password.

Using an existing IVR system

Password Manager includes a client library that can be installed on an existing systems, such as IVR platforms and other, third-party applications. This API allows native code on the external (example: IVR) system to:

  • Look up a user profile.
  • Retrieve a set of authentication questions for the user
    (typically these have numeric answers in IVR applications).
  • Validate answers entered by the user to his own question.
  • Request a randomly-generated password to offer the user.
  • Request a password reset for the user.

This library implements a secure remote procedure call to the Password Manager server, using an encrypted TCP socket based on a shared secret key.

The Password Manager application programming interface (API) includes a C-language binding for Windows (DLL) and Unix (shared object library for any flavor of Unix, including UnixWare as used by Lucent/Avaya products). It is also exposed as a SOAP web service and an ActiveX component.

Deploying Telephone Password Manager and rerouting calls


Telephone Password Manager is a turn-key telephone user interface bundled with the Password Manager credential management solution. It enables organizations to quickly and inexpensively offer self-service password reset, PIN reset and encrypted drive unlock to users over a telephone, without having to configure a complex IVR system.


Telephone Password Manager supports self-service management of authentication factors (credentials) and recovery of drive encryption keys over a telephone with:

  • User identification:

    Users who call Telephone Password Manager typically identify themselves by typing a personal identifier on a touch-tone telephone keypad. The identifier may be a pre-existing numerical ID, such as an employee number or a letters-to-digits mapping of an alpha-numeric ID, such as the user's network login ID.

  • User authentication:

    Once identified, users must be authenticated. Telephone Password Manager supports authentication with a hardware token (e.g., RSA SecurID), by prompting the user to key in answers to numeric security questions using a touch-tone telephone keypad on their phone (e.g., driver's license number, SSN, date of birth, etc.) or using an optional biometric voice verification module.

  • Password reset:

    Once authenticated, users can initiate a password reset. This may be for one or all of their passwords and the new password may either be randomly generated and read out to the user or user-specified. New passwords may be set to expire after first use.

  • PIN reset:

    Authenticated users can also use Telephone Password Manager to reset the PINs on their RSA SecurID tokens. A randomly-generated or a user-specified PIN may be used.

  • Encrypted drive unlock:

    Users with a drive encryption program protecting their computer can use Telephone Password Manager to automate the unlock process in the event that they forgot the password that they normally type pre-boot.

  • Text to speech:

    Telephone Password Manager is normally configured to play .WAV audio files as prompts for user input. It also includes a text to speech mechanism that makes it easier to develop new navigation menus and defer new voice recordings.

  • Speech to text:

    While text input into Telephone Password Manager is usually made with a touch-tone keypad, Telephone Password Manager can be configured to recognize small dictionaries of spoken words, so that users can make alphanumeric input by speaking the names of letters and digits.

  • PBX integration:

    Telephone Password Manager can be directly integrated into an existing PBX system, by installing the appropriate (to that PBX system) Dialogic telephony board on each Telephone Password Manager server.

  • VoIP integration:

    Telephone Password Manager can also be connected to a voice-over-IP network and configured to accept VoIP calls.


Telephone Password Manager lowers IT support costs and improves user service by enabling mobile, remote or locked out users to resolve problems with their password, hardware token or encrypted drive on their own, without calling the help desk.

Telephone Password Manager can improve the security of IT support processes by authenticating users with biometric voice-print verification prior to offering services such as password or PIN reset.