Simple, Secure and Effective Solution to Password Management Problems with EmpowerID
Organization’s endure a massive on-going problem with password management. Not only because of the lackadaisical approach to password security by many users, but also because of the actual controls and systems themselves. The results are legal and compliance issues, increased security risks, unproductive time, frustrations and, at the receiving end, an overburdened support team. EmpowerID changes all that, and more.
Self-Service Password Resets
An automated self-service password reset facility empowers users to self-service password resets. Cheaper, less frustrating, and saves both time and support burden.
Password Expiration Notifications
Avoid unproductive downtime and unnecessary aggravation of users getting logged out because their password has expired.
Multiple Password Policies
Workflow driven, EmpowerID permits you to implement as many policies as you need, each of which can have different rules and stipulations.
In this piece, we look at the following sections and how EmpowerID’s password management solution can help you change all that:
- Web and Mobile Self-Service Reset: Password resets are not only costly, but frustrating to both the user and to support. EmpowerID has an automated self-service password reset facility that changes all that.
- Adaptive Multi-Factor Identity Verification: Adhering to Zero Trust, EmpowerID provides well over 20 Adaptive MFA methods of authenticating users.
- Assisted Helpdesk Password Reset: On occasion, password resets go awry. When this occurs, you need a backup plan. Built on workflows (as is the rest of EmpowerID), the backup plan is simple, easy, and quick to initiate.
- Windows Desktop Login Client: for corporate users who have locked themselves out of their PCs, a password reset client is available. This step-by-step process assists them to easily regain access.
- Multiple Password Policies: we understand that every organization has different password policy requirements. With EmpowerID, you can implement as many policies as you need, each of which can have different rules and stipulations.
- Password Expiration Notifications: EmpowerID also helps with expiring password or account notifications. Users do not like changing passwords. To the extent that it is only when they cannot login that they realize their password has expired. This leads to unnecessary downtime and frustration that is easy to avoid.
- Active Directory Password Change Detection: tracking password changes through native Microsoft interfaces is problematic. Not only for users, but for administrators, too. EmpowerID employs a change detection agent to address this.
- Password Reset for All Your Systems: with the differing range of complex password requirements across multiple applications, it is no wonder that users struggle with them. EmpowerID changes that through connecting to and synchronizing your entire organization.
Web and Mobile Self-Service Reset
Estimations are that it costs $20 to perform a single password reset in a medium-sized organization. However, by automating portions of the reset process, it is possible to reduce this figure to as little as $3, with an accompanied 30% reduction in help desk calls.
EmpowerID allows end-users to perform self-service resets using an anonymous web-based workflow process.
They can perform this reset from their desktop or mobile device at any time of the day or night, and without requiring any helpdesk assistance.
EmpowerID’s wide range of flexible options for verifying end-user identity makes the process easy to use and very secure.
Adaptive Multi-Factor Identity Verification
A crucial step for preventing security breaches and intrusions during the password reset process is verifying the user’s identity. (Always verify is one the main principles of Zero Trust and is something EmpowerID adheres to.)
Unfortunately, passwords continue to be the weakest link and they are also most vulnerable during the password reset process.
Outdated methods which ask users to answer simple questions have proven both inadequate and insecure.
At present, the only proven method of plugging this gap is Multi-Factor Authentication (MFA).
EmpowerID uses Adaptive MFA and has a wide range of secure but easy to use options (over 20) for validating a user’s identity.
Options include one-time passwords, FIDO/Yubikey tokens, 3rd parties such as DUO, as well as the EmpowerID Mobile phone app for push-to-approve identity verification.
Assisted Helpdesk Password Reset
The goal of a password management tool is to eliminate costly helpdesk calls. Unfortunately, and despite users having this facility, this is not always possible
On such occasions, a secure alternative method (a backup) is required to allow helpdesk staff to intervene and assist, as needed.
EmpowerID includes such friendly workflows to support users, all the while adhering to Zero Trust principles, which ensures that helpdesk staff accurately verify the caller’s identity before performing an assisted password reset.
Furthermore, all actions within EmpowerID are logged and, following the successful password reset, end-users are notified via email that their password has been changed.
This email notification allows them to personally validate the reset process, as well as to provide yet further confirmation that the reset request was initiated by them.
Windows Desktop Login Client
When corporate users have locked themselves out of their PCs, performing a password reset can be problematic.
To solve this challenge, EmpowerID offers a password reset client which appears as an additional login option.
This option allows users to follow a simple step-by-step process to reset their forgotten password and even permits them to unlock their locked-out account, even though they cannot login to their PC.
This step-by-step process means they can regain access to their workstations quickly without having to wait for assistance from busy helpdesk staff.
Multiple Password Policies
An organization’s security requirements often differ for internal and external users as well as for privileged IT administrators.
EmpowerID allows organizations to set an unlimited number of flexible policies to specify the exact security that they need.
As part of these policies, organization can determine multiple attributes, including password strength, change frequency, as well as the stringency around the forgotten password reset process.
Flexible password policies assigned by role or attribute define not only the password complexity requirements but also the settings that control the user’s authentication experience as well as the coarse-grained controls for multi-factor authentication.
In addition to admins being able to report and track user adoption, it's also possible to implement policies that force users to enroll for password reset during the login process.
This helps alleviate the danger of weak passwords when accounts are intially setup via automation.
Password Expiration Notifications
Often users are unaware that their password is nearing expiration until after it has actually expired.
Unfortunately, history shows this is even more commonplace with partners and other types of external identities.
EmpowerID addresses this through workflows that continually monitor for impending password or account expirations.
When detected, EmpowerID alerts users in advance to forewarn them of their expiring password or account.
Active Directory Password Change Detection
One challenge faced by password management solutions is losing track of password changes that are made through the native Microsoft interfaces.
These also include password resets by administrators or even when users change their password at the CTRL-ALT-DEL screen in Windows.
Not only is this poor practice, but it's placing your organization at risk and is likely making audit and compliance more difficult than they need to be.
EmpowerID addresses this by using a change detection agent that runs on your Active Directory Domain Controllers.
Not only does this agent captures password changes, but it also sends them to EmpowerID to synchronize the password change to all other systems in the user’s password sync list.
The agent also logs all actions, thereby minimizing risk to your organization, making audits and compliance a breeze, and lets your responsible team members breathe a much needed sigh of relief.
Password Reset for All Your Systems
The measure of a password reset solution is its ability to reset passwords in as many of an organization’s systems as possible
If users need to reset their passwords across multiple areas of your business, it is showing a security loophole that you would rather not have.
EmpowerID provides one of the largest libraries of out of the box connectors available. For both on-premise and Cloud systems.
These out of the box systems are workflow-based processes which are quick and easy to setup, configure, and run.
You make the connection, test it, and as soon as it is complete, EmpowerID will then inventory the user accounts and is then ready to synchronize passwords changes across all connected systems.