Centralized Self-service Password Reset:
From the Web and Windows Desktop

Self-service Password Reset Layer
v.3.2-007




PistolStar, Inc. dba PortalGuard
PO Box 1226
Amherst, NH 03031 USA

Phone: 603.547.1200
Fax: 617.674.2727
E-mail: sales@portalguard.com
Website: www.portalguard.com

© 2012, PistolStar, Inc. dba PortalGuard All Rights Reserved.
Tech Brief — Centralized Self-service Password Reset



PortalGuard Centralized Self-service Password Reset:
From the Web and Windows Desktop

Table of Contents

Summary
The Basics
PortalGuard Centralized Self-service Password Reset
Features
Benefits
How it Works
    Enrollment
    Self-service Password Reset
Configuration
Deployment
IIS Install
System Requirements
Supporting Videos
Platform Layers








Summary
For companies of all sizes, the task of supporting users can prove to be taxing on the IT staff, especially the Help Desk and Administrators. Most studies show the cost of password resets can range from $25 to $75 per incident and make up around 30 percent or more of Help Desk calls. This provides ample reason and demand for password reset and recovery tools which empower the user. By allowing users to self-service their own account and password management needs, organizations can effectively offer 24/7 access and maintain productivity.

Shopping for a tool such as this can be challenging, so the first step is to understand your requirements by documenting your user access scenarios. For example, how will roaming users change their password remotely, or how will a forgotten password be recovered on a laptop with an encrypted hard drive? Along with these requirements, determining your budget and your current Help Desk costs without a solution in place will allow you to forecast your ROI and further narrow down the vendor selection.

Another point to consider is the evolution of self-service password reset and whether the vendors you are evaluating are keeping pace. Many tools you’ll find are not compliant with most companies’ current security standards. The problem of forgotten passwords has been around since passwords were first used, but expanding access scenarios and advanced attacks are requiring more advanced solutions. For example, entry point solutions are now expected to go beyond simple password resets to accept multiple scenarios which may include disconnected users, auditing and leveraging devices such as mobile phones.

Of course, true success of a self-service password management solution will be measured by the users’ satisfaction and an overall reduction in the frequency of their calls to the Help Desk for support.


The Basics
Self-service password reset is the process a user initiates to prove their identity with the end goal of resetting their password. Self-service password recovery is similar, but the end goal is obtaining the current password value without changing it. The user can be authenticated using various methods.

Most tools use challenge question and answer as an acceptable means of authenticating the user. However, the associated security threats, including easily guessed answers or information readily available on the user’s Facebook page, raise valid concerns. A secure solution puts additional precautions in place, for example not allowing the same answer for each question, requiring a minimum answer length, and requiring a larger subset of questions (e.g. 3 out of 6) to be answered.

For increased security, two-factor authentication can be added to the password reset and/or recovery to ensure only an authorized user is setting the password.


PortalGuard Centralized Self-service Password Reset
PortalGuard’s self-service password reset is flexible and offers a complete solution which has evolved with industry demands. By providing the exact same interface for both Windows Desktop and Web-based self-service, the user’s learning curve is minimized and overall user adoption is increased.





The available self-service actions that PortalGuard offers are password reset, password recovery, and account unlock. These actions can also be performed from mobile devices such as iPads and smartphones. PortalGuard integrates seamlessly with Microsoft Active Directory, Novell eDirectory, any LDAP-compliant directories and custom SQL user repositories.

PortalGuard also supports users who are offline or disconnected from the network, allowing them to perform a password recovery. In this case, the password is divided into mathematically-represented “shares” with each share being AES-256 encrypted by a separate challenge answer. All shares are then bulk encrypted with AES-256 using a separate key and stored locally on the user’s machine. When the user attempts to recover their password, they will be asked to prove their identity by correctly answering a certain number of challenge questions. Once decrypted, the user is shown the password in clear text allowing them to continue working. For security purposes, if a disconnected user strikes out while attempting to authenticate, the encrypted recovery information is deleted from the local machine, so the user will be forced to reconnect to the network to perform the recovery.
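
The offline recovery scheme described above can be sketched as follows. This is an added example, not PortalGuard's code: the brief does not name the sharing scheme, so Shamir's threshold scheme is assumed, a hash-based encrypt-then-MAC wrapper stands in for AES-256, the outer bulk-encryption layer is left out, and every name, threshold and sample answer is constructed.

```python
import hashlib
import hmac
import os
import secrets

# Assumed parameters; the brief only says "a certain number" of answers.
PRIME = 2**521 - 1      # field for the shares; fits passwords up to 65 bytes
THRESHOLD = 3           # correct answers needed to rebuild the password
MAX_STRIKES = 3         # failed attempts before the local data is deleted
SHARE_BYTES = 66        # 521 bits rounded up

# Constructed sample answers, one per enrolled challenge question.
SAMPLE_ANSWERS = ["Biscuit the beagle", "Portland Maine", "Corolla hatchback",
                  "Josephine", "Maple Avenue", "Stretch McGee"]


def _keys(answer, salt):
    """Derive an encryption key and a MAC key from one challenge answer."""
    norm = " ".join(answer.split()).casefold().encode()
    material = hashlib.pbkdf2_hmac("sha256", norm, salt, 100_000, dklen=64)
    return material[:32], material[32:]


def _wrap(y, answer):
    """Encrypt one share under one answer (stand-in for AES-256)."""
    salt = os.urandom(16)
    enc_key, mac_key = _keys(answer, salt)
    stream = hashlib.shake_256(enc_key).digest(SHARE_BYTES)
    body = bytes(a ^ b for a, b in zip(y.to_bytes(SHARE_BYTES, "big"), stream))
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return {"salt": salt, "body": body, "tag": tag}


def _unwrap(blob, answer):
    """Return the share value, or None when the answer is wrong."""
    enc_key, mac_key = _keys(answer, blob["salt"])
    expected = hmac.new(mac_key, blob["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    stream = hashlib.shake_256(enc_key).digest(SHARE_BYTES)
    return int.from_bytes(bytes(a ^ b for a, b in zip(blob["body"], stream)), "big")


def enroll_offline(password, answers):
    """Split the password into one share per answer and wrap each share."""
    secret = int.from_bytes(password.encode(), "big")
    if not password or secret >= PRIME:
        raise ValueError("password must be 1 to 65 bytes long")
    # Random polynomial of degree THRESHOLD-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(THRESHOLD - 1)]
    shares = []
    for x, answer in enumerate(answers, start=1):
        y = sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME
        shares.append(_wrap(y, answer))
    return {"shares": shares, "strikes": 0}


def recover_offline(store, supplied):
    """supplied maps question index -> answer. Returns the password or None."""
    if store["shares"] is None:
        raise LookupError("recovery data deleted; reconnect to the network")
    points = []
    for index, answer in supplied.items():
        y = _unwrap(store["shares"][index], answer)
        if y is not None:
            points.append((index + 1, y))
    if len(points) < THRESHOLD:
        store["strikes"] += 1
        if store["strikes"] >= MAX_STRIKES:
            store["shares"] = None      # the user has struck out
        return None
    store["strikes"] = 0
    # Lagrange interpolation at x = 0 recovers the constant term.
    points = points[:THRESHOLD]
    secret = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret.to_bytes((secret.bit_length() + 7) // 8, "big").decode()
```

The strike counter lives in the same local store as the shares, so it only limits guesses made through the client; the slow key derivation is what limits guessing against a copied file.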

To authenticate the user during an online self-service action, PortalGuard leverages challenge questions and answers and/or two-factor authentication via a one-time password sent to a mobile phone or email address. Challenge answers are cryptographically hashed and stored on a central server to support roaming users and prevent the need to re-enroll on multiple machines.
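
The answer rules from "The Basics" and the central hashed storage described above fit together as in the following added example, which is not PortalGuard's code. The hash function (salted PBKDF2), the minimum length, the lockout limit, the 4-letter cut-off for question words and the sample questions are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

# Assumed policy values; the brief only says these are configurable.
MIN_ANSWER_LEN = 6
REQUIRED_CORRECT = 3        # the "3 out of 6" example from the brief
LOCKOUT_LIMIT = 3
PBKDF2_ROUNDS = 100_000

# Constructed enrollment data.
SAMPLE_ENROLLMENT = {
    "What was the name of your first pet?": "Biscuit the beagle",
    "In what city did you meet your spouse?": "Portland Maine",
    "What was the model of your first car?": "Corolla hatchback",
    "What is your oldest sibling's middle name?": "Josephine",
    "What street did you live on in third grade?": "Maple Avenue",
    "What was your childhood nickname?": "Stretch McGee",
}
WEAK_ENROLLMENT = {
    "What was your childhood nickname?": "nickname",
    "What was the model of your first car?": "ford",
    "In what city did you meet your spouse?": "ford",
}


def normalize(answer, case_sensitive=False):
    """Collapse whitespace; fold case unless the policy is case sensitive."""
    text = " ".join(answer.split())
    return text if case_sensitive else text.casefold()


def _words(text):
    # Only words of 4+ characters count, so "the" or "of" never trigger.
    return {w for w in re.findall(r"[a-z0-9]+", text.casefold()) if len(w) >= 4}


def policy_errors(answers):
    """Return (question, reason) pairs for every rule an answer breaks."""
    errors, seen = [], set()
    for question, answer in answers.items():
        norm = normalize(answer)
        if len(norm) < MIN_ANSWER_LEN:
            errors.append((question, "too short"))
        if _words(question) & _words(norm):
            errors.append((question, "reuses question words"))
        if norm in seen:
            errors.append((question, "repeats another answer"))
        seen.add(norm)
    return errors


def _digest(answer, salt):
    return hashlib.pbkdf2_hmac("sha256", normalize(answer).encode(), salt,
                               PBKDF2_ROUNDS)


def enroll(answers):
    """Check the policy, then keep only a salt and a hash per answer."""
    errors = policy_errors(answers)
    if errors:
        raise ValueError(errors)
    record = {"failures": 0, "answers": {}}
    for question, answer in answers.items():
        salt = os.urandom(16)
        record["answers"][question] = (salt, _digest(answer, salt))
    return record


def verify(record, supplied):
    """True when enough supplied answers match and the user is not locked out."""
    if record["failures"] >= LOCKOUT_LIMIT:
        return False
    correct = 0
    for question, answer in supplied.items():
        stored = record["answers"].get(question)
        if stored and hmac.compare_digest(_digest(answer, stored[0]), stored[1]):
            correct += 1
    if correct >= REQUIRED_CORRECT:
        record["failures"] = 0
        return True
    record["failures"] += 1
    return False
```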

By providing auditing and reporting around user access, an Admin App for the mobile phone, and user verbal authentication through a Help Desk console, PortalGuard is a comprehensive self-service password reset solution.


Features

General:
• Provides password reset, recovery and account unlock
• Disconnected user support - including lock-out threshold for increased security
• Forced user enrollment (optional)
• Integrates with Active Directory, Novell eDirectory, any LDAP-compliant directories and custom SQL user repositories
• Encrypted hard drive support - perform a password recovery through PortalGuard on an alternate or mobile device (e.g. Symantec Endpoint Encryption)
• Supports multiple authentication methods - challenge questions and answers and two-factor authentication delivered via SMS or Email
• Email notifications of password resets to the user and/or admin
• Lock-out thresholds for incorrect responses to authentication attempts
• Includes support for mobile browsers

Challenge Questions & Answers:
• Centralized - challenge information stored on server
• Configurable number of mandatory/optional questions
• Allows import/pre-population of challenge answers
• Prevent repeat answers for multiple challenge questions
• Prevent answers from containing words from the question text
• Answers can be case sensitive
• Configurable minimum length for challenge answers
Administrative:
• Help Desk Console - provide interface for Help Desk staff to easily perform account actions
• Verbal Authentication - allows Help Desk staff to authenticate a user calling in
• Administrator Dashboard - logging and reporting of user access activity

Windows Desktop Support (shown below):
• Supports Windows versions XP, Vista, Windows 7, Microsoft Terminal Services and Remote Desktop Services
• Self-service directly from Ctrl+Alt+Del/Windows Logon screen - removes need to go to an alternate machine/kiosk or login with a guest account, maintained on each machine

[Screenshots: Windows 7 Desktop Support; Windows XP Desktop Support]




Benefits

• Increased Usability - users are now empowered to self-service their own needs and maintain productivity
• Increased Security - provides two-factor authentication
• Centralized Solution - same user interface for both the web and Windows desktop
• No Kiosks - perform all self-service actions directly from the user’s machine
• Reduced Costs - alleviate password-related Help Desk calls and demands on IT staff
• Configurable - to the user, group or application levels
• Seamless Integration - use “sidecar” mode to retrofit existing application login screens with the PortalGuard functionality, maintaining the current look and feel you have today


How It Works
The following steps show enrollment and the process of resetting a password using PortalGuard’s self-service functionality. The screenshots provided show the process being completed from a web browser. A user can also complete the process from the Windows desktop using the same steps and identical interface.

Enrollment

Once self-service password reset is made available, the user will be prompted to enroll their challenge questions and answers. PortalGuard provides flexibility around this process by allowing you to configure whether the enrollment will be forced or able to be postponed “x” number of times by the user. This increases the usability for users, giving them options around a process some may find obstructive.

NOTE: If other authentication methods are enforced, such as two-factor authentication, then those enrollment actions will also be displayed, as configured by the admin.





Enrollment Process
NOTE: The screenshots below illustrate the use of PortalGuard’s “sidecar” functionality. It allows rapid integration of PortalGuard’s self-service features into existing websites or user processes.

Step 1: The user attempts to log in to a company’s existing portal as usual.

Step 2: In this case, the user has not yet enrolled their challenge information so PortalGuard automatically displays the enrollment screen in “sidecar” mode. This dialog shows that the administrator has configured the PortalGuard policy to allow the option of skipping enrollment temporarily. Doing so will close the PortalGuard dialog and continue the original login process. The user can enroll now by clicking “Continue”.








Step 3: The user is prompted to provide answers to the challenge questions. The number of both mandatory and optional questions the user is required to answer is configurable. PortalGuard also increases security by helping the user follow best practices when supplying answers, such as not repeating answers or avoiding using words which are included in the question text.

Throughout the enrollment process the user is provided with helpful warning notices, such as the number of answers remaining, to ease the frustrations some may feel during this process.

Step 4: The process is complete and the user is now enrolled. Clicking the link shown will close the PortalGuard dialog and continue the original login process.








Self-service Password Reset Process

Step 1: The user attempts to log in to a company’s existing portal but has forgotten their password. The user then clicks the “Forgot your password?” link.

Step 2: The user selects from “Recovery Actions Available” which self-service action they would like to perform. The user selects the “Reset Forgotten Password” radio button and clicks “Continue”.

NOTE: The dialog shows the most common actions, an account unlock and password reset, but password recovery is also available.








Step 3: The user is then prompted to provide their enrolled answers to the enrolled challenge questions. PortalGuard provides users with helpful warning messages throughout this process. Once the user has supplied the required number of answers they click “Continue”.

Step 4: The user’s identity has been verified and they are able to set a new password. Added usability and security features such as the “Show Password” checkbox and virtual keyboard can be easily enabled or disabled.








Configuration
NOTE: All the following settings are policy specific, so you can have different values for different users/groups/hierarchies.

Configurable through the PortalGuard Configuration Utility:

Main
• Self-service options available to users
• Authentication types available for each self-service action

Authentication Types
• Challenge Questions and Answers
    - Enrollment - optional, required, disabled
    - Recovery lockout limit
    - Answer complexity including minimum length, case sensitivity, prevent answer repetition and prevent question words as answers
    - Number of optional questions
    - Number of mandatory questions
• Mobile Phone
    - Enrollment - optional, required, disabled
    - Phone number format
    - Delivery format
• Email
    - Enrollment - optional, required, disabled
    - Domain blacklist
    - Email display
    - Email format including From, Subject and Body fields
• Notifications
    - Type of self-service including account unlock, password reset and recovery




Deployment
Implementation of the PortalGuard platform is seamless and requires no changes to Active Directory/LDAP schema. A server-side software installation is required on at least one IIS server on the network. Additional client-side software is required for performing self-service from the Windows logon screen.







IIS Installation
An MSI is used to install PortalGuard on IIS 6 or 7.x. If installing PortalGuard on IIS 7.x/Windows Server 2008, make sure to have installed the following feature roles prior to launching the MSI:

1. All the Web Server Management Tools role services
2. All the Application Development role services
3. All IIS 6 Management Compatibility role services

The MSI is a wizard-based install which will quickly guide you through the installation.


System Requirements
This version of PortalGuard supports direct access and authentication to cloud/web-based applications only.

PortalGuard can be installed directly on the following web servers:

• IBM WebSphere/WebSphere Portal v5.1 or higher
• Microsoft IIS 6.0 or higher
• Microsoft Windows SharePoint Services 3.0 or higher
• Microsoft Office SharePoint Server 2007 or later

The PortalGuard Web server also has the following requirements on Windows operating systems:

• .NET 2.0 framework or later must be installed
• (64-bit OS only) Microsoft Visual C++ 2005 SP1 Redistributable Package (x64)

PortalGuard is fully supported for installation on virtual machines. Furthermore, PortalGuard can currently be installed on the following platforms:

• Microsoft Windows Server 2000
• Microsoft Windows Server 2003 (32 or 64-bit)
• Microsoft Windows Server 2008 (32 or 64-bit)
• Microsoft Windows Server 2008 R2

NOTE: When run in "Sidecar" mode, PortalGuard can provide its functionality on any web server that uses an HTML login page.

If you have a platform not listed here, please contact us at sales@portalguard.com to see if we have recently added support for your platform.








Supporting Videos
Please view the following videos to watch a demo of PortalGuard’s self-service offerings:

• Self-service Password Reset, Recovery & Account Unlock (Browser-based)
• Self-service Password Reset, Recovery & Account Unlock (Windows 7 Desktop)
• Disconnected Password Recovery
• Help Desk Console


Platform Layers
Beyond self-service password reset, PortalGuard is a flexible authentication platform with multiple layers of available functionality to help you achieve your authentication goals:

• Contextual Authentication
• Tokenless Two-factor Authentication
• Real-time Reports / Alerts
• Knowledge-based
• Password Management
• Single Sign-on



Brochure virtual contac_assistant_en
 
3d passwords
3d passwords 3d passwords
3d passwords
 
ADSelf Service Password Flyer
ADSelf Service Password Flyer ADSelf Service Password Flyer
ADSelf Service Password Flyer
 
Authentication scheme for session password using Images and color
Authentication scheme for session password using Images and colorAuthentication scheme for session password using Images and color
Authentication scheme for session password using Images and color
 
M-Pass: Web Authentication Protocol
M-Pass: Web Authentication ProtocolM-Pass: Web Authentication Protocol
M-Pass: Web Authentication Protocol
 
Discussion Paper: Bugs Tracking
Discussion Paper: Bugs TrackingDiscussion Paper: Bugs Tracking
Discussion Paper: Bugs Tracking
 
Standard IAM Business Processes: Corporate / Intranet Deployment
Standard IAM Business Processes: Corporate / Intranet DeploymentStandard IAM Business Processes: Corporate / Intranet Deployment
Standard IAM Business Processes: Corporate / Intranet Deployment
 

Similar to Self-service Password Reset

Successful Enterprise Single Sign-on: Addressing Deployment Challenges
Successful Enterprise Single Sign-on: Addressing Deployment ChallengesSuccessful Enterprise Single Sign-on: Addressing Deployment Challenges
Successful Enterprise Single Sign-on: Addressing Deployment ChallengesHitachi ID Systems, Inc.
 
Configurable Password Management: Balancing Usability and Compliance
Configurable Password Management: Balancing Usability and ComplianceConfigurable Password Management: Balancing Usability and Compliance
Configurable Password Management: Balancing Usability and CompliancePortalGuard
 
From Password Reset to Authentication Management
From Password Reset to Authentication ManagementFrom Password Reset to Authentication Management
From Password Reset to Authentication ManagementHitachi ID Systems, Inc.
 
Sever-based Password Synchronization: Managing Multiple Passwords
Sever-based Password Synchronization: Managing Multiple PasswordsSever-based Password Synchronization: Managing Multiple Passwords
Sever-based Password Synchronization: Managing Multiple PasswordsPortalGuard
 
Pg 2 fa_tech_brief
Pg 2 fa_tech_briefPg 2 fa_tech_brief
Pg 2 fa_tech_briefHai Nguyen
 
Two-factor Authentication: A Tokenless Approach
Two-factor Authentication: A Tokenless ApproachTwo-factor Authentication: A Tokenless Approach
Two-factor Authentication: A Tokenless ApproachPortalGuard
 
IRJET- Password Management Kit for Secure Authentication
IRJET-  	  Password Management Kit for Secure AuthenticationIRJET-  	  Password Management Kit for Secure Authentication
IRJET- Password Management Kit for Secure AuthenticationIRJET Journal
 
Contextual Authentication: A Multi-factor Approach
Contextual Authentication: A Multi-factor ApproachContextual Authentication: A Multi-factor Approach
Contextual Authentication: A Multi-factor ApproachPortalGuard
 
Using Hitachi ID Password Manager to Reduce Password Reset Calls at an Intern...
Using Hitachi ID Password Manager to Reduce Password Reset Calls at an Intern...Using Hitachi ID Password Manager to Reduce Password Reset Calls at an Intern...
Using Hitachi ID Password Manager to Reduce Password Reset Calls at an Intern...Hitachi ID Systems, Inc.
 
The Business Case for Account Lockout Management
The Business Case for Account Lockout ManagementThe Business Case for Account Lockout Management
The Business Case for Account Lockout ManagementNetwrix Corporation
 
Pg presentation for steph
Pg presentation for stephPg presentation for steph
Pg presentation for stephKjohnson33
 

Similar to Self-service Password Reset (20)

Password Management
Password ManagementPassword Management
Password Management
 
Successful Enterprise Single Sign-on: Addressing Deployment Challenges
Successful Enterprise Single Sign-on: Addressing Deployment ChallengesSuccessful Enterprise Single Sign-on: Addressing Deployment Challenges
Successful Enterprise Single Sign-on: Addressing Deployment Challenges
 
Configurable Password Management: Balancing Usability and Compliance
Configurable Password Management: Balancing Usability and ComplianceConfigurable Password Management: Balancing Usability and Compliance
Configurable Password Management: Balancing Usability and Compliance
 
Password Synchronization
Password SynchronizationPassword Synchronization
Password Synchronization
 
From Password Reset to Authentication Management
From Password Reset to Authentication ManagementFrom Password Reset to Authentication Management
From Password Reset to Authentication Management
 
Sever-based Password Synchronization: Managing Multiple Passwords
Sever-based Password Synchronization: Managing Multiple PasswordsSever-based Password Synchronization: Managing Multiple Passwords
Sever-based Password Synchronization: Managing Multiple Passwords
 
Contextual Authentication
Contextual AuthenticationContextual Authentication
Contextual Authentication
 
Managing Passwords for Mobile Users
Managing Passwords for Mobile UsersManaging Passwords for Mobile Users
Managing Passwords for Mobile Users
 
Managing Passwords for Mobile Users
Managing Passwords for Mobile Users Managing Passwords for Mobile Users
Managing Passwords for Mobile Users
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
 
Pg 2 fa_tech_brief
Pg 2 fa_tech_briefPg 2 fa_tech_brief
Pg 2 fa_tech_brief
 
Two-factor Authentication: A Tokenless Approach
Two-factor Authentication: A Tokenless ApproachTwo-factor Authentication: A Tokenless Approach
Two-factor Authentication: A Tokenless Approach
 
Two-factor Authentication
Two-factor AuthenticationTwo-factor Authentication
Two-factor Authentication
 
IRJET- Password Management Kit for Secure Authentication
IRJET-  	  Password Management Kit for Secure AuthenticationIRJET-  	  Password Management Kit for Secure Authentication
IRJET- Password Management Kit for Secure Authentication
 
Contextual Authentication: A Multi-factor Approach
Contextual Authentication: A Multi-factor ApproachContextual Authentication: A Multi-factor Approach
Contextual Authentication: A Multi-factor Approach
 
Using Hitachi ID Password Manager to Reduce Password Reset Calls at an Intern...
Using Hitachi ID Password Manager to Reduce Password Reset Calls at an Intern...Using Hitachi ID Password Manager to Reduce Password Reset Calls at an Intern...
Using Hitachi ID Password Manager to Reduce Password Reset Calls at an Intern...
 
Cis333 Week 5 Lab 4
Cis333 Week 5 Lab 4Cis333 Week 5 Lab 4
Cis333 Week 5 Lab 4
 
Saas security
Saas securitySaas security
Saas security
 
The Business Case for Account Lockout Management
The Business Case for Account Lockout ManagementThe Business Case for Account Lockout Management
The Business Case for Account Lockout Management
 
Pg presentation for steph
Pg presentation for stephPg presentation for steph
Pg presentation for steph
 

More from PortalGuard dba PistolStar, Inc. (7)

The Cost and Loss of Not using Single Sign-On with Two-Factor Authentication
The Cost and Loss of Not using Single Sign-On with Two-Factor AuthenticationThe Cost and Loss of Not using Single Sign-On with Two-Factor Authentication
The Cost and Loss of Not using Single Sign-On with Two-Factor Authentication
 
Two-factor Authentication
Two-factor AuthenticationTwo-factor Authentication
Two-factor Authentication
 
Self-service Password Reset
Self-service Password ResetSelf-service Password Reset
Self-service Password Reset
 
Password Synchronization
Password SynchronizationPassword Synchronization
Password Synchronization
 
Password management
Password managementPassword management
Password management
 
Context Based Authentication
Context Based AuthenticationContext Based Authentication
Context Based Authentication
 
Make Your Employees More Security Aware
Make Your Employees More Security AwareMake Your Employees More Security Aware
Make Your Employees More Security Aware
 

Recently uploaded

Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncObject Automation
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfAnna Loughnan Colquhoun
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxYounusS2
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 

Recently uploaded (20)

Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation Inc
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptx
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 

Self-service Password Reset

  • 1. Centralized Self-service Password Reset: From the Web and Windows Desktop

Self-service Password Reset Layer v.3.2-007

PistolStar, Inc. dba PortalGuard
PO Box 1226
Amherst, NH 03031 USA

Phone: 603.547.1200
Fax: 617.674.2727
E-mail: sales@portalguard.com
Website: www.portalguard.com

© 2012, PistolStar, Inc. dba PortalGuard All Rights Reserved.
  • 2. Tech Brief — Centralized Self-service Password Reset

PortalGuard Centralized Self-service Password Reset: From the Web and Windows Desktop

Table of Contents

- Summary
- The Basics
- PortalGuard Centralized Self-service Password Reset
- Features
- Benefits
- How it Works
    - Enrollment
    - Self-service Password Reset
- Configuration
- Deployment
- IIS Install
- System Requirements
- Supporting Videos
- Platform Layers
  • 3. Summary

For companies of all sizes, the task of supporting users can prove to be taxing on the IT staff, especially the Help Desk and Administrators. Most studies show the cost of password resets can range from $25 to $75 per incident and make up around 30 percent or more of Help Desk calls. This provides ample reason and demand for password reset and recovery tools which empower the user. By allowing users to self-service their own account and password management needs, organizations can effectively offer 24/7 access and maintain productivity.

Shopping for a tool such as this can be challenging, so the first step is to understand your requirements by documenting your user access scenarios. For example, how will roaming users change their password remotely, or how will a forgotten password be recovered on a laptop with an encrypted hard drive? Along with these requirements, determining your budget and current Help Desk costs without a solution in place will allow you to forecast your ROI and further narrow down the vendor selection.

Another point to consider is the evolution of self-service password reset and whether the vendors you are evaluating are keeping pace. Many tools you’ll find are not compliant with most companies’ current security standards. The problem of forgotten passwords has been around since passwords were first used, but expanding access scenarios and advanced attacks are requiring more advanced solutions. For example, entry point solutions are now expected to go beyond simple password resets to accept multiple scenarios which may include disconnected users, auditing and leveraging devices such as mobile phones.

Of course, true success of a self-service password management solution will be measured by the users’ satisfaction and an overall reduction in the frequency of their calls to the Help Desk for support.
The Basics

Self-service password reset is the process a user initiates to prove their identity with the end goal of resetting their password. Self-service password recovery is similar, but the end goal is obtaining the current password value without changing it. The user can be authenticated using various methods.

Most tools use challenge question and answer as an acceptable means of authenticating the user. However, associated security threats including easily guessed answers or information readily available on their Facebook page raise valid concerns. A secure solution puts additional precautions in place. For example, not allowing the same answer for each question, requiring a minimum answer length, and requiring a larger subset of questions (e.g. 3 out of 6) to be answered.

For increased security, two-factor authentication can be added to the password reset and/or recovery to ensure only an authorized user is setting the password.

PortalGuard Centralized Self-service Password Reset

PortalGuard’s self-service password reset is flexible and offers a complete solution which has evolved with industry demands. By providing the exact same interface for both Windows Desktop and Web-based self-service, the user’s learning curve is minimized and overall user adoption is increased.
  • 4. The available self-service actions that PortalGuard offers are password reset, password recovery, and account unlock. These actions can also be performed from mobile devices such as iPads and smartphones. PortalGuard integrates seamlessly with Microsoft Active Directory, Novell eDirectory, any LDAP-compliant directories and custom SQL user repositories.

PortalGuard also supports users who are offline or disconnected from the network, allowing them to perform a password recovery. In this case, the password is divided into mathematically-represented “shares” with each share being AES-256 encrypted by a separate challenge answer. All shares are then bulk encrypted with AES-256 using a separate key and stored locally on the user’s machine. When the user attempts to recover their password, they will be asked to prove their identity by correctly answering a certain number of challenge questions. Once decrypted, the user is shown the password in clear text allowing them to continue working. For security purposes, if a disconnected user strikes out while attempting to authenticate, the encrypted recovery information is deleted from the local machine, so the user will be forced to reconnect to the network to perform the recovery.

To authenticate the user during an online self-service action, PortalGuard leverages challenge questions and answers and/or two-factor authentication via a one-time password sent to a mobile phone or email address. Challenge answers are cryptographically hashed and stored on a central server to support roaming users and prevent the need to re-enroll on multiple machines.

By providing auditing and reporting around user access, an Admin App for the mobile phone, and user verbal authentication through a Help Desk console, PortalGuard is a comprehensive self-service password reset solution.
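The offline recovery scheme described above, sketched as an added example that is not PortalGuard's code: the brief only says "mathematically-represented shares", so Shamir's secret sharing is an assumption here, and because the Python standard library has no AES, each share is sealed with an HMAC-SHA256 keystream plus MAC where the product uses AES-256. The outer bulk-encryption layer is omitted, and all names, the work factor and the strike limit are hypothetical.

```python
# Added illustration of k-of-n offline password recovery; not PortalGuard's code.
import hashlib
import hmac
import secrets

PRIME = 2**521 - 1      # Mersenne prime; the field holds secrets up to 65 bytes
KDF_ROUNDS = 100_000    # assumed PBKDF2 work factor, makes each answer guess slow
MAX_STRIKES = 3         # assumed lock-out threshold


def _keys(answer, salt):
    """Derive separate encryption and MAC keys from one challenge answer."""
    canon = " ".join(answer.lower().split()).encode()
    okm = hashlib.pbkdf2_hmac("sha256", canon, salt, KDF_ROUNDS, dklen=64)
    return okm[:32], okm[32:]


def _xor_stream(key, data):
    """Stand-in cipher (no AES in the stdlib): XOR with an HMAC-SHA256 keystream."""
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def _seal(answer, plaintext):
    salt = secrets.token_bytes(16)          # fresh salt, so keys are never reused
    enc_key, mac_key = _keys(answer, salt)
    ct = _xor_stream(enc_key, plaintext)
    return {"salt": salt, "ct": ct,
            "tag": hmac.new(mac_key, salt + ct, hashlib.sha256).digest()}


def _open(answer, box):
    """Return the share bytes, or None when the answer is wrong (tag mismatch)."""
    enc_key, mac_key = _keys(answer, box["salt"])
    tag = hmac.new(mac_key, box["salt"] + box["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, box["tag"]):
        return None
    return _xor_stream(enc_key, box["ct"])


def enroll(password, answers, threshold):
    """Split the password into one share per question; any `threshold` recover it."""
    secret = int.from_bytes(b"\x01" + password.encode(), "big")
    if secret >= PRIME or not 1 <= threshold <= len(answers):
        raise ValueError("password too long or bad threshold")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = {}
    for x, (qid, answer) in enumerate(answers.items(), start=1):
        y = sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME
        shares[qid] = {"x": x, **_seal(answer, y.to_bytes(66, "big"))}
    return {"threshold": threshold, "strikes": 0, "shares": shares}


def recover(store, given):
    """Rebuild the password from store['blob']; delete the blob on strike-out."""
    blob = store.get("blob")
    if blob is None:
        raise LookupError("no local recovery data: reconnect to the network")
    points = []
    for qid, answer in given.items():
        box = blob["shares"].get(qid)
        share = _open(answer, box) if box else None
        if share is not None:
            points.append((box["x"], int.from_bytes(share, "big")))
    if len(points) < blob["threshold"]:
        blob["strikes"] += 1
        if blob["strikes"] >= MAX_STRIKES:
            store["blob"] = None            # strike-out: recovery data is removed
        return None
    blob["strikes"] = 0
    points = points[:blob["threshold"]]
    secret = 0
    for j, (xj, yj) in enumerate(points):   # Lagrange interpolation at x = 0
        num = den = 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = num * -xm % PRIME
                den = den * (xj - xm) % PRIME
        secret = (secret + yj * num * pow(den, -1, PRIME)) % PRIME
    return secret.to_bytes(66, "big").lstrip(b"\x00")[1:].decode()


if __name__ == "__main__":
    # Constructed sample questions and answers.
    qa = {"q1": "Maple Street", "q2": "Rex", "q3": "Lisbon", "q4": "Blue Heron"}
    store = {"blob": enroll("S3cret!pass", qa, threshold=3)}
    print(recover(store, {"q1": "maple street", "q3": "lisbon", "q4": "blue heron"}))
```
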
Features

General:
- Provides password reset, recovery and account unlock
- Disconnected user support - including lock-out threshold for increased security
- Forced user enrollment (optional)
- Integrates with Active Directory, Novell eDirectory, any LDAP-compliant directories and custom SQL user repositories
- Encrypted hard drive support - perform a password recovery thru PortalGuard on an alternate or mobile device (e.g. Symantec Endpoint Encryption)
- Supports multiple authentication methods - challenge questions and answers and two-factor authentication delivered via SMS or Email
- Email notifications of password resets to both the user and/or admin
- Lock-out thresholds for incorrect responses to authentication attempts
- Includes support for mobile browsers

Challenge Questions & Answers:
- Centralized - challenge information stored on server
- Configurable number of mandatory/optional questions
- Allows import/pre-population of challenge answers
- Prevent repeat answers for multiple challenge questions
- Prevent answers from containing words from the question text
- Answers can be case sensitive
- Configurable minimum length for challenge answers

Administrative:
  • 5.
- Help Desk Console - provide interface for Help Desk staff to easily perform account actions
- Verbal Authentication - allows Help Desk staff to authenticate a user calling in
- Administrator Dashboard - logging and reporting of user access activity

Windows Desktop Support (shown below):
- Supports Windows versions XP, Vista, Windows 7, Microsoft Terminal Services and Remote Desktop Services
- Self-service directly from Ctrl+Alt+Del/Windows Logon screen - removes need to go to an alternate machine/kiosk or login with a guest account, maintained on each machine

[Screenshots: Windows 7 Desktop Support; Windows XP Desktop Support]

Benefits

- Increased Usability - users are now empowered to self-service their own needs and maintain productivity
- Increased Security - provides two-factor authentication
- Centralized Solution - same user interface for both the web and Windows desktop
- No Kiosks - perform all self-service actions directly from the user’s machine
- Reduced Costs - alleviate password-related Help Desk calls and demands on IT staff
- Configurable - to the user, group or application levels
- Seamless Integration - use “sidecar” mode to retrofit existing application login screens with the PortalGuard functionality, maintaining the current look and feel you have today

How It Works

The following steps show the enrollment and process of resetting a password using PortalGuard’s self-service functionality. The screenshots provided are showing the process being completed from a web browser. A user can also complete the process from the Windows desktop using the same steps and identical interface.

Enrollment

Once self-service password reset is made available, the user will be prompted to enroll their challenge questions and answers. PortalGuard provides flexibility around this process by allowing you to configure whether the enrollment will be forced or able to be postponed “x” number of times by the user.
This increases the usability for users, giving them options around a process some may find obstructive.

NOTE: If other authentication methods are enforced, such as two-factor authentication, then those enrollment actions will also be displayed, as configured by the admin.
  • 6. Enrollment Process

NOTE: The screenshots below illustrate the use of PortalGuard’s “sidecar” functionality. It allows rapid integration of PortalGuard’s self-service features into existing websites or user processes.

Step 1: The user attempts to login to a company’s existing portal as usual.

Step 2: In this case, the user has not yet enrolled their challenge information so PortalGuard automatically displays the enrollment screen in “sidecar” mode. This dialog shows that the administrator has configured the PortalGuard policy to allow the option of skipping enrollment temporarily. Doing so will close the PortalGuard dialog and continue the original login process. The user can enroll now by clicking “Continue”.
  • 7. Step 3: The user is prompted to provide answers to the challenge questions. The number of both mandatory and optional questions the user is required to answer is configurable. PortalGuard also increases security by helping the user perform best practices when supplying answers, such as not repeating answers or avoiding using words which are included in the question text. Throughout the enrollment process the user is provided with helpful warning notices, such as the number of answers remaining, to ease the frustrations some may feel during this process.

Step 4: The process is complete and the user is now enrolled. Clicking the link shown will close the PortalGuard dialog and continue the original login process.
  • 8. Self-service Password Reset Process
    Step 1: The user attempts to log in to a company’s existing portal but has forgotten their password. The user then clicks the “Forgot your password?” link.
    Step 2: The user selects from “Recovery Actions Available” which self-service action they would like to perform. The user selects the “Reset Forgotten Password” radio button and clicks “Continue”.
    NOTE: The dialog shows the most common actions, an account unlock and password reset, but password recovery is also available.
  • 9. Step 3: The user is then prompted to provide their enrolled answers to the enrolled challenge questions. PortalGuard provides users with helpful warning messages throughout this process. Once the user has supplied the required number of answers they click “Continue”.
    Step 4: The user’s identity has been verified and they are able to set a new password. Added usability and security features such as the “Show Password” checkbox and virtual keyboard can be easily enabled or disabled.
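One way to implement the Step 3 answer check together with a recovery lockout limit and a case-sensitivity setting, as an added example that is not PortalGuard code. It assumes answers are stored as salted PBKDF2 hashes (the brief does not say how they are stored); all names and the sample data are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example

def answer_digest(answer, salt, case_sensitive):
    # Collapse whitespace; fold case unless the policy makes answers case sensitive.
    text = " ".join(answer.split())
    if not case_sensitive:
        text = text.casefold()
    return hashlib.pbkdf2_hmac("sha256", text.encode("utf-8"), salt, ITERATIONS)

def enroll(answers, case_sensitive=False):
    """Return {question: (salt, digest)} so plaintext answers are never stored."""
    enrolled = {}
    for question, answer in answers.items():
        salt = os.urandom(16)
        enrolled[question] = (salt, answer_digest(answer, salt, case_sensitive))
    return enrolled

class RecoveryVerifier:
    def __init__(self, enrolled, required, lockout_limit, case_sensitive=False):
        self.enrolled = enrolled
        self.required = required            # answers needed to pass
        self.lockout_limit = lockout_limit  # failed attempts before lockout
        self.case_sensitive = case_sensitive
        self.failures = 0

    def attempt(self, supplied):
        """supplied: {question: answer}. Returns 'verified', 'denied' or 'locked'."""
        if self.failures >= self.lockout_limit:
            return "locked"
        results = []
        for question, answer in supplied.items():
            # Unknown questions get a dummy record: same cost, never a match.
            salt, digest = self.enrolled.get(question, (b"\x00" * 16, b""))
            candidate = answer_digest(answer, salt, self.case_sensitive)
            results.append(hmac.compare_digest(candidate, digest))
        if len(results) >= self.required and all(results):
            self.failures = 0
            return "verified"
        self.failures += 1
        return "locked" if self.failures >= self.lockout_limit else "denied"

# Constructed sample enrollment (not real user data).
SAMPLE_ANSWERS = {"What city were you born in?": "Boston",
                  "What was the name of your first pet?": "Rex"}
```

Every supplied answer is evaluated before the result is returned, so a failed attempt does not reveal which answer was wrong.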
  • 10. Configuration
    NOTE: All the following settings are policy specific, so you can have different values for different users/groups/hierarchies.
    Configurable through the PortalGuard Configuration Utility:
    Main
      - Self-service options available to users
      - Authentication types available for each self-service action
    Authentication Types
      - Challenge Questions and Answers
          - Enrollment - optional, required, disabled
          - Recovery lockout limit
          - Answer complexity including minimum length, case sensitivity, prevent answer repetition and prevent question words as answers
          - Number of optional questions
          - Number of mandatory questions
  • 11.
      - Mobile Phone
          - Enrollment - optional, required, disabled
          - Phone number format
          - Delivery format
      - Email
          - Enrollment - optional, required, disabled
          - Domain blacklist
          - Email display
          - Email format including From, Subject and Body fields
      - Notifications
          - Type of self-service including account unlock, password reset and recovery
    Deployment
    Implementation of the PortalGuard platform is seamless and requires no changes to Active Directory/LDAP schema. A server-side software installation is required on at least one IIS server on the network. Additional client-side software is required for performing self-service from the Windows logon screen.
  • 12. IIS Installation
    An MSI is used to install PortalGuard on IIS 6 or 7.x. If installing PortalGuard on IIS 7.x/Windows Server 2008, make sure to have installed the following feature roles prior to launching the MSI:
      1. All the Web Server Management Tools role services
      2. All the Application Development role services
      3. All IIS 6 Management Compatibility role services
    The MSI is a wizard-based install which will quickly guide you through the installation.
    System Requirements
    This version of PortalGuard supports direct access and authentication to cloud/web-based applications only. PortalGuard can be installed directly on the following web servers:
      - IBM WebSphere/WebSphere Portal v5.1 or higher
      - Microsoft IIS 6.0 or higher
      - Microsoft Windows SharePoint Services 3.0 or higher
      - Microsoft Office SharePoint Server 2007 or later
    The PortalGuard Web server also has the following requirements on Windows operating systems:
      - .NET 2.0 framework or later must be installed
      - (64-bit OS only) Microsoft Visual C++ 2005 SP1 Redistributable Package (x64)
    PortalGuard is fully supported for installation on virtual machines. Furthermore, PortalGuard can currently be installed on the following platforms:
      - Microsoft Windows Server 2000
      - Microsoft Windows Server 2003 (32 or 64-bit)
      - Microsoft Windows Server 2008 (32 or 64-bit)
      - Microsoft Windows Server 2008 R2
    NOTE: When run in "Sidecar" mode, PortalGuard can provide its functionality on any web server that uses an HTML login page. If you have a platform not listed here, please contact us at sales@portalguard.com to see if we have recently added support for your platform.
  • 13. Supporting Videos
    Please view the following videos to watch a demo of PortalGuard’s self-service offerings:
      - Self-service Password Reset, Recovery & Account Unlock (Browser-based)
      - Self-service Password Reset, Recovery & Account Unlock (Windows 7 Desktop)
      - Disconnected Password Recovery
      - Help Desk Console
    Platform Layers
    Beyond self-service password reset, PortalGuard is a flexible authentication platform with multiple layers of available functionality to help you achieve your authentication goals:
      - Contextual Authentication
      - Tokenless Two-factor Authentication
      - Real-time Reports / Alerts
      - Knowledge-based
      - Password Management
      - Single Sign-on