Self-service password reset is defined as any process or technology that allows users who have either forgotten their password or triggered an intruder lockout to authenticate with an alternate method and repair their own problem, without calling the help desk.

Users who have forgotten their password or triggered an intruder lockout may launch a self-service application using an extension to their PC login prompt, using their own or another user's web browser, using an app on their smart phone or through a telephone call. Users establish their identity, without using their forgotten or disabled password, by entering a PIN sent to their phone, by answering a series of personal questions, by using a hardware authentication token or by providing a biometric sample. Users then either select a new password or just clear a lockout on their account.
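The flow described above, sketched as an added example (not Hitachi ID Password Manager code): a PIN delivered out of band stands in for the forgotten password, and a successful check lets the user either set a new password or only clear the lockout. The class and function names, the in-memory directory and the 5-minute / 3-attempt limits are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

PIN_TTL = 300      # assumed policy: PIN valid for 5 minutes
MAX_TRIES = 3      # assumed policy: guesses allowed per issued PIN

def hash_password(password, salt=None):
    """Return (salt, PBKDF2 hash); pass the stored salt to re-check a password."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class SelfServiceReset:
    def __init__(self, directory, send_pin, clock=time.time):
        self.directory = directory   # user -> {"pw": (salt, hash), "locked": bool}
        self.send_pin = send_pin     # out-of-band delivery to the enrolled phone
        self.clock = clock
        self.pending = {}            # user -> [pin_hash, expiry, tries_left]

    def start(self, user):
        # Unknown users get the same silent response, so the portal
        # does not confirm which accounts exist.
        if user in self.directory:
            pin = f"{secrets.randbelow(10**6):06d}"
            digest = hashlib.sha256(pin.encode()).digest()
            self.pending[user] = [digest, self.clock() + PIN_TTL, MAX_TRIES]
            self.send_pin(user, pin)

    def finish(self, user, pin, new_password=None):
        entry = self.pending.get(user)
        if entry is None or self.clock() > entry[1]:
            self.pending.pop(user, None)      # nothing issued, or PIN expired
            return "denied"
        entry[2] -= 1
        guess = hashlib.sha256(pin.encode()).digest()
        if not hmac.compare_digest(entry[0], guess):
            if entry[2] <= 0:
                self.pending.pop(user)        # PIN burned; user must restart
            return "denied"
        del self.pending[user]                # a PIN is single use
        account = self.directory[user]
        account["locked"] = False
        if new_password is None:
            return "unlocked"                 # lockout cleared, password kept
        account["pw"] = hash_password(new_password)
        return "password_reset"
```
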

Self-service password reset expedites problem resolution for users and reduces help desk call volume. It can also be used to ensure that password problems are only resolved after strong user authentication, eliminating an important weakness of many help desks: social engineering attacks.

One of the core features of Hitachi ID Password Manager from Hitachi ID Systems is self-service password reset.

This is a more complex problem than it might first appear:

  • Users may be prompted to enter their password before the operating system even starts -- by full disk encryption software.
  • Users need to reset not only their password "on the network" (i.e., on Active Directory domain controllers) but also the copy of their password that is cached on their Windows PC.
  • The self-service portal should be accessible even to users who cannot sign into their PC, because a user who forgot or locked out his AD password cannot launch a Windows desktop.
  • The self-service portal should be accessible even when users are away from the office, for example those who are traveling or working from home.

Hitachi ID Password Manager is a complete solution for managing passwords and other credentials, intended for users in a medium to large enterprise. It includes self-service password reset features, Active Directory integration and Self-Service -- a set of capabilities that enable self-service from anywhere, including from pre-boot, from the Windows login prompt and while away from the office.
