Active Directory Self-Service Password Reset

Active Directory password reset is a day-to-day routine for help desk, which takes a lot of time. Statistics shows, that IT support personnel handle password reset calls for almost 40% of their working day. This procedure for each call includes greeting, authentication, execution of reset, confirmation, and goodbye. On the basis of this, multiple surveys were conducted. These surveys took into account an average help desk wages, percentage of password reset calls and time consumption. By generalizing their results one can see that an average cost per password reset call varies from $15 to $20, which is pretty expensive. So is there a way to minimize password reset expenses without loss in security? Adaxes allows decentralizing password reset/account unlock by providing secure Self-Service Password Reset to end-users.

Password Self-Service Demo

Self-Service Password Reset, which enables end users to reset Active Directory password on their own, can provide significant reduction of costs for your company. Let’s say an average salary of a help desk employee is $50 000 per year. With 40% of time spent for password resetting we get $20 000 spent for paying it. But not only IT support spends time for password handling. Users as well waste their working time, waiting for it. Though it is only 20 minutes (in average), but in a scope of a large company it results in significant money losses. If we take a look at statistics, we'll see, that a company with 1000 users and average password reset activity can save about $20 000 per year. As one can see, the result of introducing the Self-Service Password Reset solution is very promising and, in average, the return of investments takes a couple of months.

Self-Service Password Reset is Secure

Any rights delegation to end-users is risky and increases the possibility of malicious actions. That is why Self-Service Password Reset must guarantee that a user, who initiates password resetting, is really eligible for this. So it is crucial to use strong identity-verification procedures.

Adaxes uses two means, which deliver secure Self-Service Password Rest to end-users end eliminate IT personnel involvement. These are security questions/answers and SMS verification. Users can pass an authentication by answering questions from their personal Q&A profile and/or confirm identity by receiving a verification code to mobile phone and entering it to the system. Nevertheless each method is quite reliable, it is strongly recommended to combine them. Thus you can prevent system access, which could be possible as a result of receiving SMS code to a stolen mobile phone and/or guessing answers that became much easier with growth of social networking.

Though the reliability of these methods is quite significant, additionally Adaxes Self-Service Password Reset enables efficient security measures to prevent hacker attacks. First of all it is user account blocking after a certain number of failed authentication attempts. The second measure is email notification that informs users about password reset via Self-Service Password Reset system and prompts them to contact administrator if reset was not done by them. Third one is captcha – a word verification image that helps prevent brute force attack. One more useful measure is statistics. It shows all the information about password reset activity, including IP addresses of hosts, from where password reset was initiated. By monitoring multiple failed authentication attempts made from one or several IP addresses, one can localize a host of possible attack and apply preventive actions.

Self-Service Password Reset is Flexible

In any company there are a lot of types of users with different privileges. The more rights a user has, the stronger security policy his/her account must have. Administrators, for instance, have significantly wider range of rights, than general users do. That is why administrator accounts require a more severe Self-Service Password Reset policy. Regular users, in turn, can have less severe verification procedure. To embody such an objectives, Adaxes allows diversifying Self-Service Password Reset procedures for various user types. Thus administrators can have a lot of security questions and low number of verification attempts. The same can work for help desk, but with less number of questions. And general users can have the most modest policy.

Such an approach provides an easy and flexible way of applying strong verification requirements and security measures to users, who really need it, and delivers lighter procedures for others.

Self-Service Password Reset is Easy to Enroll

Unlike SMS verification method, which does not require any introductory actions from a user, Q&A verification needs preliminary questions/answers specifying. This procedure is called enrollment. Enrollment is an easy process of selecting security questions and answering them, which is implemented in the Adaxes Active Directory Web interface. Though this process does not take a lot of time, many users are too lazy or simply forget to perform it. For informing and reminding users about necessity of enrollment, Adaxes Self-Service Password Reset enables sending periodical enrollment invitations. This helps reach up to 100% of user enrollments throughout the whole company within a tight deadline.

Self-Service Password Reset is Easy to Manage

Adaxes Self-Service Password Reset allows monitoring password reset activity via convenient statistics. It enables checking the number of enrolled, not enrolled and blocked users, as well as failed/successful password resets. All these data are presented in a handy and user-friendly manner.

Self-Service Password Reset is Easy to Use

Adaxes Self-Service Password Reset enables users to reset their passwords or unlock accounts anywhere at any time. It can be done via Windows logon screen that is essential for office users or Web Interface, which is very helpful for those, who work remotely. Everything takes just a few minutes.

The procedure of self-password resetting or account unlocking is pretty simple.

• By clicking the Reset password link in Windows logon screen or Web Interface a user gets to the Self Password Reset wizard, where is proposed to enter a user name.

  


• If SMS verification is enabled a user will be asked to enter a code, sent to your mobile phone.

  

• After code confirmation a user is asked to answer security questions.

  


• In case of success you obtain the right to reset a password.

  

Self-Service Password Reset is User Friendly

One of the common problems users usually face is password requirements, set by password policy. Frequently, passwords are rejected due to incorrect length or characters issue. This confuses and irritates users, because they do not understand what’s wrong. Finally, they will have to contact help desk to find out the reason of reject.

Adaxes helps resolve this issue. It is possible to configure Web Interface for showing a custom message with password requirements and allow users to check an effective password policy.

Also Adaxes enables generating a strong secure password, which would correspond to all the requirements of password policy, and spell it out for better remembering. All these features will help end-users to perform password reset seamlessly in a very short time.

For now, Self-Service Password Reset is the only way of conducting decentralized, secure and efficient measures for Active Directory password resetting and account unlocking throughout the whole company. It provides return of investments within couple of month and keeps working for your company, guaranteeing streamline workflow and saving resources.

For details on how to configure the Password Self-Service feature in Adaxes, see Configure Password Self-Service.

Along with Self-Service Password Reset, Adaxes provides functionality for active directory administrative tasks automation, role-based security management, allows automated user provisioning and deprovisioning, and much more.