PortalGuard, profile picture
Uploaded byPortalGuard
633 views

Centralized Self-service Password Reset: From the Web and Windows Desktop

PortalGuard offers a centralized self-service password reset solution designed to reduce the burden on IT staff and help desks by allowing users to manage their own password recovery and account unlock processes. The system supports various authentication methods, including challenge questions and two-factor authentication, ensuring security while accommodating disconnected users. It integrates seamlessly with existing directories and can significantly lower help desk costs and improve user satisfaction.

Embed presentation

Download to read offline
PistolStar, Inc. dba PortalGuard PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 617.674.2727 E-mail: sales@portalguard.com Website: www.portalguard.com © 2012, PistolStar, Inc. dba PortalGuard All Rights Reserved. Centralized Self-service Password Reset: From the Web and Windows Desktop v.3.2-007 Self-service Password Reset Layer
© 2012, PistolStar, Inc. dba PortalGuard All rights reserved. Page 1 Tech Brief — Centralized Self-service Password Reset PortalGuard Centralized Self-service Password Reset: From the Web and Windows Desktop Table of Contents Summary................................................................................................. 2 The Basics............................................................................................... 2 PortalGuard Centralized Self-service Password Reset ............................ 2 Features .................................................................................................. 3 Benefits ................................................................................................... 4 How it Works ........................................................................................... 4 Enrollment.................................................................................... 4 Self-service Password Reset ....................................................... 7 Configuration ........................................................................................... 9 Deployment ........................................................................................... 10 IIS Install................................................................................................ 11 System Requirements ........................................................................... 11 Supporting Videos ................................................................................. 12 Platform Layers ..................................................................................... 12
© 2012, PistolStar, Inc. dba PortalGuard All rights reserved. Page 2 Tech Brief — Centralized Self-service Password Reset Summary For companies of all sizes, the task of supporting users can prove to be taxing on the IT staff, especially the Help Desk and Administrators. Most studies show the cost of pass- word resets can range from $25 to $75 per incident and make up around 30 percent or more of Help Desk calls. This provides ample reason and demand for password reset and recovery tools which empower the user. By allowing users to self-service their own ac- count and password management needs, organizations can effectively offer 24/7 access and maintain productivity. Shopping for a tool such as this can be challenging, so the first step is to understand your requirements by documenting your user access scenarios. For example, how will roaming users change their password remotely or how will a forgotten password be recovered on a laptop with an encrypted hard drive. Along with these requirements determining your budget and current Help Desk costs without a solution in place will allow you to forecast your ROI and further narrow down the vendor selection. Another point to consider is the evolution of self-service password reset and whether the vendors you are evaluating are keeping pace. Many tools you’ll find are not compliant with most companies’ current security standards. The problem of forgotten passwords has been around since passwords were first used, but expanding access scenarios and ad- vanced attacks are requiring more advanced solutions. For example, entry point solutions are now expected to go beyond simple password resets to accept multiple scenarios which may include disconnected users, auditing and leveraging devices such as mobile phones. Of course, true success of a self-service password management solution will be measured by the users’ satisfaction and an overall reduction in the frequency of their calls to the Help Desk for support. The Basics Self-service password reset is the process a user initiates to prove their identity with the end goal of resetting their password. Self-service password recovery is similar, but the end goal is obtaining the current password value without changing it. The user can be authenti- cated using various methods. Most tools use challenge question and answer as an acceptable means of authenticating the user. However, associated security threats including easily guessed answers or infor- mation readily available on their Facebook page raise valid concerns. A secure solution puts additional precautions in place. For example, not allowing the same answer for each question, requiring a minimum answer length, and requiring a larger subset of questions (e.g. 3 out of 6) to be answered. For increased security, two-factor authentication can be added to the password reset and/ or recovery to ensure only an authorized user is setting the password. PortalGuard Centralized Self-service Password Reset PortalGuard’s self-service password reset is flexible and offers a complete solution which has evolved with industry demands. By providing the exact same interface for both Win- dows Desktop and Web-based self-service, the user’s learning curve is minimized and overall user adoption is increased.
© 2012, PistolStar, Inc. dba PortalGuard All rights reserved. Page 3 Tech Brief — Centralized Self-service Password Reset The available self-service actions that PortalGuard offers are password reset, password recovery, and account unlock. These actions can also be performed from mobile devices such as iPads and smartphones. PortalGuard integrates seamlessly with Microsoft Active Directory, Novell eDirectory, any LDAP-compliant directories and custom SQL user reposi- tories. PortalGuard also supports users who are offline or disconnected from the network, allow- ing them to perform a password recovery. In this case, the password is divided into mathe- matically-represented “shares” with each share being AES-256 encrypted by a separate challenge answer. All shares are then bulk encrypted with AES-256 using a separate key and stored locally on the user’s machine. When the user attempts to recover their pass- word, they will be asked to prove their identity by correctly answering a certain number of challenge questions. Once decrypted, the user is shown the password in clear text allow- ing them to continue working. For security purposes, if a disconnected user strikes out while attempting to authenticate, the encrypted recovery information is deleted from the local machine, so the user will be forced to reconnect to the network to perform the recov- ery. To authenticate the user during an online self-service action, PortalGuard leverages chal- lenge questions and answers and/or two-factor authentication via a one-time password sent to a mobile phone or email address. Challenge answers are cryptographically hashed and stored on a central server to support roaming users and prevent the need to re-enroll on multiple machines. By providing auditing and reporting around user access, an Admin App for the mobile phone, and user verbal authentication through a Help Desk console, PortalGuard is a comprehensive self-service password reset solution. Features General:  Provides password reset, recovery and account unlock  Disconnected user support - including lock-out threshold for increased security  Forced user enrollment (optional)  Integrates with Active Directory, Novell eDirectory, any LDAP-compliant directories and custom SQL user repositories  Encrypted hard drive support - perform a password recovery thru PortalGuard on an alternate or mobile device (e.g. Symantec Endpoint Encryption)  Supports multiple authentication methods - challenge questions and answers and two- factor authentication delivered via SMS or Email  Email notifications of password resets to both the user and/or admin  Lock-out thresholds for incorrect responses to authentication attempts  Includes support for mobile browsers Challenge Questions & Answers:  Centralized - challenge information stored on server  Configurable number of mandatory/optional questions  Allows import/pre-population of challenge answers  Prevent repeat answers for multiple challenge questions  Prevent answers from containing words from the question text  Answers can be case sensitive  Configurable minimum length for challenge answers Administrative:
© 2012, PistolStar, Inc. dba PortalGuard All rights reserved. Page 4 Tech Brief — Centralized Self-service Password Reset  Help Desk Console - provide interface for Help Desk staff to easily perform account ac- tions  Verbal Authentication - allows Help Desk staff to authenticate a user calling in  Administrator Dashboard - logging and reporting of user access activity Windows Desktop Support (shown below):  Supports Windows versions XP, Vista, Windows 7, Microsoft Terminal Services and Re- mote Desktop Services  Self-service directly from Ctrl+Alt+Del/Windows Logon screen - removes need to go to an alternate machine/kiosk or login with a guest account, maintained on each machine Benefits  Increased Usability - users are now empowered to self-service their own needs and maintain productivity  Increased Security - provides two-factor authentication  Centralized Solution - same user interface for both the web and Windows desktop  No Kiosks - perform all self-service actions directly from the user’s machine  Reduced Costs - alleviate password-related Help Desk calls and demands on IT staff  Configurable - to the user, group or application levels  Seamless Integration - use “sidecar” mode to retrofit existing application login screens with the PortalGuard functionality, maintaining the current look and feel you have today How It Works The following steps show the enrollment and process of resetting a password using Portal- Guard’s self-service functionality. The screenshots provided are showing the process be- ing completed from a web browser. A user can also complete the process from the Win- dows desktop using the same steps and identical interface. Enrollment Once self-service password reset is made available, the user will be prompted to enroll their challenge questions and answers. PortalGuard provides flexibility around this process by allowing you to configure whether the enrollment will be forced or able to be postponed “x” number of times by the user. This increases the usability for users, giving them options around a process some may find obstructive. NOTE: If other authentication methods are enforced, such as two-factor authentication, then those enrollment actions will also be displayed, as configured by the admin. Windows XP Desktop SupportWindows 7 Desktop Support
© 2012, PistolStar, Inc. dba PortalGuard All rights reserved. Page 5 Tech Brief — Centralized Self-service Password Reset Enrollment Process NOTE: The screenshots below illustrate the use of PortalGuard’s “sidecar” functionality. It allows rapid integration of PortalGuard’s self-service features into existing websites or user processes. Step 1: The user attempts to login to a company’s existing portal as usual. Step 2: In this case, the user has not yet enrolled their challenge information so Portal- Guard automatically displays the enrollment screen in “sidecar” mode. This dialog shows that the administrator has configured the PortalGuard policy to allow the option of skipping enrollment temporarily. Doing so will close the PortalGuard dialog and continue the origi- nal login process. The user can enroll now by clicking “Continue”.
© 2012, PistolStar, Inc. dba PortalGuard All rights reserved. Page 6 Tech Brief — Centralized Self-service Password Reset Step 3: The user is prompted to provide answers to the challenge questions. The number of both mandatory and optional questions the user is required to answer is configurable. PortalGuard also increases security by helping the user perform best practices when sup- plying answers, such as not repeating answers or avoiding using words which are included in the question text. Throughout the enrollment process the user is provided with helpful warning notices, such as the number of answers remaining, to ease the frustrations some may feel during this process. Step 4: The process is complete and the user is now enrolled. Clicking the link shown will close the PortalGuard dialog and continue the original login process.
© 2012, PistolStar, Inc. dba PortalGuard All rights reserved. Page 7 Tech Brief — Centralized Self-service Password Reset Self-service Password Reset Process Step 1: The user attempts to login to a company’s existing portal but has forgotten their password. The user then clicks the “Forgot your password?” link. Step 2: The user selects from “Recovery Actions Available” which self-service action they would like to perform. The user selects the “Reset Forgotten Password” radio button and clicks “Continue”. NOTE: The dialog shows the most common actions, an account unlock and password re- set, but password recovery is also available.
© 2012, PistolStar, Inc. dba PortalGuard All rights reserved. Page 8 Tech Brief — Centralized Self-service Password Reset Step 3: The user is then prompted to provide their enrolled answers to the enrolled chal- lenge questions. PortalGuard provides users with helpful warning messages throughout this process. Once the user has supplied the required number of answers they click “Continue”. Step 4: The user’s identity has been verified and they are able to set a new password. Added usability and security features such as the “Show Password” checkbox and virtual keyboard can be easily enabled or disabled.
© 2012, PistolStar, Inc. dba PortalGuard All rights reserved. Page 9 Tech Brief — Centralized Self-service Password Reset Configuration NOTE: All the following settings are policy specific, so you can have different values for different users/group/hierarchies. Configurable through the PortalGuard Configuration Utility: Main  Self-service options available to users  Authentication types available for each self-service action Authentication Types  Challenge Questions and Answers  Enrollment - optional, required, disabled  Recovery lockout limit  Answer complexity including minimum length, case sensitivity, prevent answer repetition and prevent question words as answers  Number of optional questions  Number of mandatory questions
© 2012, PistolStar, Inc. dba PortalGuard All rights reserved. Page 10 Tech Brief — Centralized Self-service Password Reset  Mobile Phone  Enrollment - optional, required, disabled  Phone number format  Delivery format  Email  Enrollment - optional, required, disabled  Domain blacklist  Email display  Email format including From, Subject and Body fields  Notifications  Type of self-service including account unlock, password reset and re- covery Deployment Implementation of the PortalGuard platform is seamless and requires no changes to Active Directory/LDAP schema. A server-side software installation is required on at least one IIS server on the network. Additional client-side software is required for performing self- service from the Windows logon screen.
© 2012, PistolStar, Inc. dba PortalGuard All rights reserved. Page 11 Tech Brief — Centralized Self-service Password Reset IIS Installation A MSI is used to install PortalGuard on IIS 6 or 7.x. If installing PortalGuard on IIS 7.x/ Windows Server 2008, make sure to have installed the following feature roles prior to launching the MSI: 1. All the Web Server Management Tools role services 2. All the Application Development role services 3. All IIS 6 Management Compatibility role services The MSI is a wizard-based install which will quickly guide you through the installation. System Requirements This version of PortalGuard supports direct access and authentication to cloud/web-based applications, only. PortalGuard can be installed directly on the following web servers:  IBM WebSphere/WebSphere Portal v5.1 or higher  Microsoft IIS 6.0 or higher  Microsoft Windows SharePoint Services 3.0 or higher  Microsoft Office SharePoint Server 2007 or later The PortalGuard Web server also has the following requirements on Windows operating systems:  .NET 2.0 framework or later must be installed  (64-bit OS only) Microsoft Visual C++ 2005 SP1 Redistributable Package (x64) PortalGuard is fully supported for installation on virtual machines. Furthermore, Portal- Guard can currently be installed on the following platforms:  Microsoft Windows Server 2000  Microsoft Windows Server 2003 (32 or 64-bit)  Microsoft Windows Server 2008 (32 or 64-bit)  Microsoft Windows Server 2008 R2 NOTE: When run in "Sidecar" mode, PortalGuard can provide its functionality on any web server that uses a HTML login page. If you have a platform not listed here, please contact us at sales@portalguard.com to see if we have recently added support for your platform.
© 2012, PistolStar, Inc. dba PortalGuard All rights reserved. Page 12 Tech Brief — Centralized Self-service Password Reset Supporting Videos Please view the following videos to watch a demo of PortalGuard’s self-service offerings: Self-service Password Reset, Recovery & Account Unlock (Browser-based) Self-service Password Reset, Recovery & Account Unlock (Windows 7 Desktop) Disconnected Password Recovery Help Desk Console Platform Layers Beyond self-service password reset, PortalGuard is a flexible authentication platform with multiple layers of available functionality to help you achieve your authentication goals:  Contextual Authentication  Tokenless Two-factor Authentication  Real-time Reports / Alerts  Knowledge-based  Password Management  Single Sign-on ###

More Related Content

PDF
Self-service Password Reset
byPortalGuard dba PistolStar, Inc.
 
PDF
Managing Passwords for Mobile Users
byHitachi ID Systems, Inc.
 
PDF
Pg 2 fa_tech_brief
byHai Nguyen
 
PDF
Contextual Authentication: A Multi-factor Approach
byPortalGuard
 
PDF
International Journal of Engineering Inventions (IJEI)
byInternational Journal of Engineering Inventions www.ijeijournal.com
 
PDF
Hitachi ID Password Manager: Enrollment, password reset and password synchron...
byHitachi ID Systems, Inc.
 
PDF
Using Hitachi ID Password Manager to Reduce Password Reset Calls at an Intern...
byHitachi ID Systems, Inc.
 
PDF
Smart card logon in DRAC5
bySriranjan Bose
 
Self-service Password Reset
byPortalGuard dba PistolStar, Inc.
 
Managing Passwords for Mobile Users
byHitachi ID Systems, Inc.
 
Pg 2 fa_tech_brief
byHai Nguyen
 
Contextual Authentication: A Multi-factor Approach
byPortalGuard
 
International Journal of Engineering Inventions (IJEI)
byInternational Journal of Engineering Inventions www.ijeijournal.com
 
Hitachi ID Password Manager: Enrollment, password reset and password synchron...
byHitachi ID Systems, Inc.
 
Using Hitachi ID Password Manager to Reduce Password Reset Calls at an Intern...
byHitachi ID Systems, Inc.
 
Smart card logon in DRAC5
bySriranjan Bose
 

What's hot

PDF
IRJET- Three Step Password Verification by using Random Key Order
byIRJET Journal
 
DOC
Strayer cis 333 week 11 final exam set 3 new
byaagnaa
 
DOC
Strayer cis 333 week 11 final exam set 3 new
byolivergeorg
 
PDF
A Review on Two Level Authentication Using Image Selection and Voice Recognition
byIRJET Journal
 
DOC
Satheesh G
bysatheesh64
 
PDF
ipas implicit password authentication system ieee 2011
byprasanna9
 
PDF
Contextual Authentication
byPortalGuard dba PistolStar, Inc.
 
PDF
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
byIJERD Editor
 
DOCX
M A MOHEED IT
byM A Moheed
 
PDF
Context Based Authentication
byPortalGuard dba PistolStar, Inc.
 
PPT
Top 10 Enterprise Features of Windows Mobile 6
byjasonlan
 
PPT
How to deploy Windows Mobile to 40,000 users
byjasonlan
 
PDF
Graphical Password Authenticationimp.docx2
byRaghu Vamsy Sirasala
 
PPT
Top 10 Security Concerns of Windows Mobile (and how to Overcome them)
byjasonlan
 
PDF
Secure Management of Privileged Passwords
byHitachi ID Systems, Inc.
 
PDF
2p Mta Data Sheet V1.7 X1a
byalwayson
 
DOCX
web based Internet cafe system abstract
byFAKHRUN NISHA
 
DOC
Durga prasad resume
byDurga Prasad
 
IRJET- Three Step Password Verification by using Random Key Order
byIRJET Journal
 
Strayer cis 333 week 11 final exam set 3 new
byaagnaa
 
Strayer cis 333 week 11 final exam set 3 new
byolivergeorg
 
A Review on Two Level Authentication Using Image Selection and Voice Recognition
byIRJET Journal
 
Satheesh G
bysatheesh64
 
ipas implicit password authentication system ieee 2011
byprasanna9
 
Contextual Authentication
byPortalGuard dba PistolStar, Inc.
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
byIJERD Editor
 
M A MOHEED IT
byM A Moheed
 
Context Based Authentication
byPortalGuard dba PistolStar, Inc.
 
Top 10 Enterprise Features of Windows Mobile 6
byjasonlan
 
How to deploy Windows Mobile to 40,000 users
byjasonlan
 
Graphical Password Authenticationimp.docx2
byRaghu Vamsy Sirasala
 
Top 10 Security Concerns of Windows Mobile (and how to Overcome them)
byjasonlan
 
Secure Management of Privileged Passwords
byHitachi ID Systems, Inc.
 
2p Mta Data Sheet V1.7 X1a
byalwayson
 
web based Internet cafe system abstract
byFAKHRUN NISHA
 
Durga prasad resume
byDurga Prasad
 

Similar to Centralized Self-service Password Reset: From the Web and Windows Desktop

PDF
Self-service Password Reset
byPortalGuard dba PistolStar, Inc.
 
PDF
Already Have a Solution?
byPortalGuard
 
PDF
Password Synchronization
byPortalGuard dba PistolStar, Inc.
 
PDF
Self Service Reset Password Management Survey Report
byTools 4 Ever
 
PDF
Sever-based Password Synchronization: Managing Multiple Passwords
byPortalGuard
 
PDF
Configurable Password Management: Balancing Usability and Compliance
byPortalGuard
 
PDF
SSPM Retail
byPortalGuard
 
PDF
Password Synchronization
byPortalGuard dba PistolStar, Inc.
 
PDF
From Password Reset to Authentication Management
byHitachi ID Systems, Inc.
 
PDF
Password management
byPortalGuard dba PistolStar, Inc.
 
PDF
Password Management
byPortalGuard dba PistolStar, Inc.
 
PDF
ADSelf Service Password Flyer
byADSelfServicePlus
 
PPTX
Data Con LA 2019 - So You got Hacked, how Quickly Can your Company Recover? b...
byData Con LA
 
PDF
Two-factor Authentication
byPortalGuard dba PistolStar, Inc.
 
PDF
Managing Passwords for Mobile Users
byHitachi ID Systems, Inc.
 
PPTX
Self-service password management and single sign-on for on-premises AD and cl...
byZoho Corporation
 
PPTX
Passwords & security
byPer Thorsheim
 
PPTX
Dell Password Manager Introduction
byAidy Tificate
 
PDF
Password Reset Issues Effectively Solved
byZoho Corporation
 
PDF
Indispensable tool to help with Password Reset Issues
byZoho Corporation
 
Self-service Password Reset
byPortalGuard dba PistolStar, Inc.
 
Already Have a Solution?
byPortalGuard
 
Password Synchronization
byPortalGuard dba PistolStar, Inc.
 
Self Service Reset Password Management Survey Report
byTools 4 Ever
 
Sever-based Password Synchronization: Managing Multiple Passwords
byPortalGuard
 
Configurable Password Management: Balancing Usability and Compliance
byPortalGuard
 
SSPM Retail
byPortalGuard
 
Password Synchronization
byPortalGuard dba PistolStar, Inc.
 
From Password Reset to Authentication Management
byHitachi ID Systems, Inc.
 
Password management
byPortalGuard dba PistolStar, Inc.
 
Password Management
byPortalGuard dba PistolStar, Inc.
 
ADSelf Service Password Flyer
byADSelfServicePlus
 
Data Con LA 2019 - So You got Hacked, how Quickly Can your Company Recover? b...
byData Con LA
 
Two-factor Authentication
byPortalGuard dba PistolStar, Inc.
 
Managing Passwords for Mobile Users
byHitachi ID Systems, Inc.
 
Self-service password management and single sign-on for on-premises AD and cl...
byZoho Corporation
 
Passwords & security
byPer Thorsheim
 
Dell Password Manager Introduction
byAidy Tificate
 
Password Reset Issues Effectively Solved
byZoho Corporation
 
Indispensable tool to help with Password Reset Issues
byZoho Corporation
 

More from PortalGuard

PDF
Let's Build a Better Password
byPortalGuard
 
PDF
Designing and Implementing a Secure, Fully Brandable Web Portal
byPortalGuard
 
PDF
Designing and Creating a Secure Web Portal
byPortalGuard
 
PPTX
PortalGuard Product Tour
byPortalGuard
 
PDF
SAML Executive Overview
byPortalGuard
 
PDF
The Role of Password Management in Achieving Compliance
byPortalGuard
 
PDF
PortalGuard Platform
byPortalGuard
 
PDF
Two-factor Authentication: A Tokenless Approach
byPortalGuard
 
PDF
Password Security and CJIS Compliance
byPortalGuard
 
PDF
Avoiding Two-factor Authentication? You're Not Alone
byPortalGuard
 
PDF
Portal Authentication: A Balancing Act Between Security Usability and Complia...
byPortalGuard
 
Let's Build a Better Password
byPortalGuard
 
Designing and Implementing a Secure, Fully Brandable Web Portal
byPortalGuard
 
Designing and Creating a Secure Web Portal
byPortalGuard
 
PortalGuard Product Tour
byPortalGuard
 
SAML Executive Overview
byPortalGuard
 
The Role of Password Management in Achieving Compliance
byPortalGuard
 
PortalGuard Platform
byPortalGuard
 
Two-factor Authentication: A Tokenless Approach
byPortalGuard
 
Password Security and CJIS Compliance
byPortalGuard
 
Avoiding Two-factor Authentication? You're Not Alone
byPortalGuard
 
Portal Authentication: A Balancing Act Between Security Usability and Complia...
byPortalGuard
 

Recently uploaded

PDF
Database Management Systems(DBMS):UNIT-II Relational Data Model BCA SEP SEM ...
byKuvempu University
 
PDF
Manual vs Automated Accessibility Testing – What to Choose in 2025.pdf
bykalichargn70th171
 
PPTX
Reimagining Service with AI Voice Agents | Webinar
byCEPTES Software
 
PPTX
AI Clinic Management Software for Otolaryngology Clinics Bringing Precision, ...
byEasy Clinic
 
PDF
Advanced Prompt Engineering: The Art and Science
byMaxim Salnikov
 
PPT
This-Project-Demonstrates-How-to-Create.ppt
byjayasuryanexinfo
 
PDF
Blueprint to build quality before the code exists - StackConnect Milan 2025
byLudovicoBesana1
 
PDF
Virtual Study Circles Innovative Ways to Collaborate Online.pdf
byExplain Learning
 
PDF
Resource-Levelled Critical-Path Analysis Balancing Time, Cost and Constraints
byOrangescrum
 
PDF
IT Estate Modernization: Transform Your Infrastructure for the Future .pdf
byAstuteBusiness
 
PDF
Here’s the case study that shows how companies lose ₹2–6 Cr annually due to m...
bysiddhantdazzlo
 
PDF
Influence Without Power - Why Empathy is Your Best Friend.pdf
bySuzanne Lagerweij
 
PPTX
Managed Splunk Partner vs In-House: Cost, Risk & Value Comparison
byssuser6ab5a5
 
PDF
Operating System (OS) :UNIT-I Introduction to Operating System BCA SEP SEM-II...
byKuvempu University
 
PDF
API_SECURITY CONSULTANCY SERVICES IN USA
bydavidjohansen1597
 
PPTX
Struggling with Pentaho Limitations How Helical Insight Solves Them.pptx
byVarsha Nayak
 
PDF
Red Hat Summit 2025 - Triton GPU Kernel programming.pdf
bySanjeev Rampal
 
PPTX
#15 All About Anypoint MQ - Calicut MuleSoft Meetup Group
bycalicutmulesoftmeetu
 
PPTX
Magnet-AXIOM_overview_tool_cyber_tool.pptx
byashishtjoseph
 
PDF
Design and Analysis of Algorithms(DAA): Unit-II Asymptotic Notations and Basi...
byKuvempu University
 
Database Management Systems(DBMS):UNIT-II Relational Data Model BCA SEP SEM ...
byKuvempu University
 
Manual vs Automated Accessibility Testing – What to Choose in 2025.pdf
bykalichargn70th171
 
Reimagining Service with AI Voice Agents | Webinar
byCEPTES Software
 
AI Clinic Management Software for Otolaryngology Clinics Bringing Precision, ...
byEasy Clinic
 
Advanced Prompt Engineering: The Art and Science
byMaxim Salnikov
 
This-Project-Demonstrates-How-to-Create.ppt
byjayasuryanexinfo
 
Blueprint to build quality before the code exists - StackConnect Milan 2025
byLudovicoBesana1
 
Virtual Study Circles Innovative Ways to Collaborate Online.pdf
byExplain Learning
 
Resource-Levelled Critical-Path Analysis Balancing Time, Cost and Constraints
byOrangescrum
 
IT Estate Modernization: Transform Your Infrastructure for the Future .pdf
byAstuteBusiness
 
Here’s the case study that shows how companies lose ₹2–6 Cr annually due to m...
bysiddhantdazzlo
 
Influence Without Power - Why Empathy is Your Best Friend.pdf
bySuzanne Lagerweij
 
Managed Splunk Partner vs In-House: Cost, Risk & Value Comparison
byssuser6ab5a5
 
Operating System (OS) :UNIT-I Introduction to Operating System BCA SEP SEM-II...
byKuvempu University
 
API_SECURITY CONSULTANCY SERVICES IN USA
bydavidjohansen1597
 
Struggling with Pentaho Limitations How Helical Insight Solves Them.pptx
byVarsha Nayak
 
Red Hat Summit 2025 - Triton GPU Kernel programming.pdf
bySanjeev Rampal
 
#15 All About Anypoint MQ - Calicut MuleSoft Meetup Group
bycalicutmulesoftmeetu
 
Magnet-AXIOM_overview_tool_cyber_tool.pptx
byashishtjoseph
 
Design and Analysis of Algorithms(DAA): Unit-II Asymptotic Notations and Basi...
byKuvempu University
 

Centralized Self-service Password Reset: From the Web and Windows Desktop

  • 1.
    PistolStar, Inc. dbaPortalGuard PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 617.674.2727 E-mail: sales@portalguard.com Website: www.portalguard.com © 2012, PistolStar, Inc. dba PortalGuard All Rights Reserved. Centralized Self-service Password Reset: From the Web and Windows Desktop v.3.2-007 Self-service Password Reset Layer
  • 2.
    © 2012, PistolStar,Inc. dba PortalGuard All rights reserved. Page 1 Tech Brief — Centralized Self-service Password Reset PortalGuard Centralized Self-service Password Reset: From the Web and Windows Desktop Table of Contents Summary................................................................................................. 2 The Basics............................................................................................... 2 PortalGuard Centralized Self-service Password Reset ............................ 2 Features .................................................................................................. 3 Benefits ................................................................................................... 4 How it Works ........................................................................................... 4 Enrollment.................................................................................... 4 Self-service Password Reset ....................................................... 7 Configuration ........................................................................................... 9 Deployment ........................................................................................... 10 IIS Install................................................................................................ 11 System Requirements ........................................................................... 11 Supporting Videos ................................................................................. 12 Platform Layers ..................................................................................... 12
  • 3.
    © 2012, PistolStar,Inc. dba PortalGuard All rights reserved. Page 2 Tech Brief — Centralized Self-service Password Reset Summary For companies of all sizes, the task of supporting users can prove to be taxing on the IT staff, especially the Help Desk and Administrators. Most studies show the cost of pass- word resets can range from $25 to $75 per incident and make up around 30 percent or more of Help Desk calls. This provides ample reason and demand for password reset and recovery tools which empower the user. By allowing users to self-service their own ac- count and password management needs, organizations can effectively offer 24/7 access and maintain productivity. Shopping for a tool such as this can be challenging, so the first step is to understand your requirements by documenting your user access scenarios. For example, how will roaming users change their password remotely or how will a forgotten password be recovered on a laptop with an encrypted hard drive. Along with these requirements determining your budget and current Help Desk costs without a solution in place will allow you to forecast your ROI and further narrow down the vendor selection. Another point to consider is the evolution of self-service password reset and whether the vendors you are evaluating are keeping pace. Many tools you’ll find are not compliant with most companies’ current security standards. The problem of forgotten passwords has been around since passwords were first used, but expanding access scenarios and ad- vanced attacks are requiring more advanced solutions. For example, entry point solutions are now expected to go beyond simple password resets to accept multiple scenarios which may include disconnected users, auditing and leveraging devices such as mobile phones. Of course, true success of a self-service password management solution will be measured by the users’ satisfaction and an overall reduction in the frequency of their calls to the Help Desk for support. The Basics Self-service password reset is the process a user initiates to prove their identity with the end goal of resetting their password. Self-service password recovery is similar, but the end goal is obtaining the current password value without changing it. The user can be authenti- cated using various methods. Most tools use challenge question and answer as an acceptable means of authenticating the user. However, associated security threats including easily guessed answers or infor- mation readily available on their Facebook page raise valid concerns. A secure solution puts additional precautions in place. For example, not allowing the same answer for each question, requiring a minimum answer length, and requiring a larger subset of questions (e.g. 3 out of 6) to be answered. For increased security, two-factor authentication can be added to the password reset and/ or recovery to ensure only an authorized user is setting the password. PortalGuard Centralized Self-service Password Reset PortalGuard’s self-service password reset is flexible and offers a complete solution which has evolved with industry demands. By providing the exact same interface for both Win- dows Desktop and Web-based self-service, the user’s learning curve is minimized and overall user adoption is increased.
  • 4.
    © 2012, PistolStar,Inc. dba PortalGuard All rights reserved. Page 3 Tech Brief — Centralized Self-service Password Reset The available self-service actions that PortalGuard offers are password reset, password recovery, and account unlock. These actions can also be performed from mobile devices such as iPads and smartphones. PortalGuard integrates seamlessly with Microsoft Active Directory, Novell eDirectory, any LDAP-compliant directories and custom SQL user reposi- tories. PortalGuard also supports users who are offline or disconnected from the network, allow- ing them to perform a password recovery. In this case, the password is divided into mathe- matically-represented “shares” with each share being AES-256 encrypted by a separate challenge answer. All shares are then bulk encrypted with AES-256 using a separate key and stored locally on the user’s machine. When the user attempts to recover their pass- word, they will be asked to prove their identity by correctly answering a certain number of challenge questions. Once decrypted, the user is shown the password in clear text allow- ing them to continue working. For security purposes, if a disconnected user strikes out while attempting to authenticate, the encrypted recovery information is deleted from the local machine, so the user will be forced to reconnect to the network to perform the recov- ery. To authenticate the user during an online self-service action, PortalGuard leverages chal- lenge questions and answers and/or two-factor authentication via a one-time password sent to a mobile phone or email address. Challenge answers are cryptographically hashed and stored on a central server to support roaming users and prevent the need to re-enroll on multiple machines. By providing auditing and reporting around user access, an Admin App for the mobile phone, and user verbal authentication through a Help Desk console, PortalGuard is a comprehensive self-service password reset solution. Features General:  Provides password reset, recovery and account unlock  Disconnected user support - including lock-out threshold for increased security  Forced user enrollment (optional)  Integrates with Active Directory, Novell eDirectory, any LDAP-compliant directories and custom SQL user repositories  Encrypted hard drive support - perform a password recovery thru PortalGuard on an alternate or mobile device (e.g. Symantec Endpoint Encryption)  Supports multiple authentication methods - challenge questions and answers and two- factor authentication delivered via SMS or Email  Email notifications of password resets to both the user and/or admin  Lock-out thresholds for incorrect responses to authentication attempts  Includes support for mobile browsers Challenge Questions & Answers:  Centralized - challenge information stored on server  Configurable number of mandatory/optional questions  Allows import/pre-population of challenge answers  Prevent repeat answers for multiple challenge questions  Prevent answers from containing words from the question text  Answers can be case sensitive  Configurable minimum length for challenge answers Administrative:
  • 5.
    © 2012, PistolStar,Inc. dba PortalGuard All rights reserved. Page 4 Tech Brief — Centralized Self-service Password Reset  Help Desk Console - provide interface for Help Desk staff to easily perform account ac- tions  Verbal Authentication - allows Help Desk staff to authenticate a user calling in  Administrator Dashboard - logging and reporting of user access activity Windows Desktop Support (shown below):  Supports Windows versions XP, Vista, Windows 7, Microsoft Terminal Services and Re- mote Desktop Services  Self-service directly from Ctrl+Alt+Del/Windows Logon screen - removes need to go to an alternate machine/kiosk or login with a guest account, maintained on each machine Benefits  Increased Usability - users are now empowered to self-service their own needs and maintain productivity  Increased Security - provides two-factor authentication  Centralized Solution - same user interface for both the web and Windows desktop  No Kiosks - perform all self-service actions directly from the user’s machine  Reduced Costs - alleviate password-related Help Desk calls and demands on IT staff  Configurable - to the user, group or application levels  Seamless Integration - use “sidecar” mode to retrofit existing application login screens with the PortalGuard functionality, maintaining the current look and feel you have today How It Works The following steps show the enrollment and process of resetting a password using Portal- Guard’s self-service functionality. The screenshots provided are showing the process be- ing completed from a web browser. A user can also complete the process from the Win- dows desktop using the same steps and identical interface. Enrollment Once self-service password reset is made available, the user will be prompted to enroll their challenge questions and answers. PortalGuard provides flexibility around this process by allowing you to configure whether the enrollment will be forced or able to be postponed “x” number of times by the user. This increases the usability for users, giving them options around a process some may find obstructive. NOTE: If other authentication methods are enforced, such as two-factor authentication, then those enrollment actions will also be displayed, as configured by the admin. Windows XP Desktop SupportWindows 7 Desktop Support
  • 6.
    © 2012, PistolStar,Inc. dba PortalGuard All rights reserved. Page 5 Tech Brief — Centralized Self-service Password Reset Enrollment Process NOTE: The screenshots below illustrate the use of PortalGuard’s “sidecar” functionality. It allows rapid integration of PortalGuard’s self-service features into existing websites or user processes. Step 1: The user attempts to login to a company’s existing portal as usual. Step 2: In this case, the user has not yet enrolled their challenge information so Portal- Guard automatically displays the enrollment screen in “sidecar” mode. This dialog shows that the administrator has configured the PortalGuard policy to allow the option of skipping enrollment temporarily. Doing so will close the PortalGuard dialog and continue the origi- nal login process. The user can enroll now by clicking “Continue”.
  • 7.
    © 2012, PistolStar,Inc. dba PortalGuard All rights reserved. Page 6 Tech Brief — Centralized Self-service Password Reset Step 3: The user is prompted to provide answers to the challenge questions. The number of both mandatory and optional questions the user is required to answer is configurable. PortalGuard also increases security by helping the user perform best practices when sup- plying answers, such as not repeating answers or avoiding using words which are included in the question text. Throughout the enrollment process the user is provided with helpful warning notices, such as the number of answers remaining, to ease the frustrations some may feel during this process. Step 4: The process is complete and the user is now enrolled. Clicking the link shown will close the PortalGuard dialog and continue the original login process.
  • 8.
    © 2012, PistolStar,Inc. dba PortalGuard All rights reserved. Page 7 Tech Brief — Centralized Self-service Password Reset Self-service Password Reset Process Step 1: The user attempts to login to a company’s existing portal but has forgotten their password. The user then clicks the “Forgot your password?” link. Step 2: The user selects from “Recovery Actions Available” which self-service action they would like to perform. The user selects the “Reset Forgotten Password” radio button and clicks “Continue”. NOTE: The dialog shows the most common actions, an account unlock and password re- set, but password recovery is also available.
  • 9.
    © 2012, PistolStar,Inc. dba PortalGuard All rights reserved. Page 8 Tech Brief — Centralized Self-service Password Reset Step 3: The user is then prompted to provide their enrolled answers to the enrolled chal- lenge questions. PortalGuard provides users with helpful warning messages throughout this process. Once the user has supplied the required number of answers they click “Continue”. Step 4: The user’s identity has been verified and they are able to set a new password. Added usability and security features such as the “Show Password” checkbox and virtual keyboard can be easily enabled or disabled.
  • 10.
    © 2012, PistolStar,Inc. dba PortalGuard All rights reserved. Page 9 Tech Brief — Centralized Self-service Password Reset Configuration NOTE: All the following settings are policy specific, so you can have different values for different users/group/hierarchies. Configurable through the PortalGuard Configuration Utility: Main  Self-service options available to users  Authentication types available for each self-service action Authentication Types  Challenge Questions and Answers  Enrollment - optional, required, disabled  Recovery lockout limit  Answer complexity including minimum length, case sensitivity, prevent answer repetition and prevent question words as answers  Number of optional questions  Number of mandatory questions
  • 11.
    © 2012, PistolStar,Inc. dba PortalGuard All rights reserved. Page 10 Tech Brief — Centralized Self-service Password Reset  Mobile Phone  Enrollment - optional, required, disabled  Phone number format  Delivery format  Email  Enrollment - optional, required, disabled  Domain blacklist  Email display  Email format including From, Subject and Body fields  Notifications  Type of self-service including account unlock, password reset and re- covery Deployment Implementation of the PortalGuard platform is seamless and requires no changes to Active Directory/LDAP schema. A server-side software installation is required on at least one IIS server on the network. Additional client-side software is required for performing self- service from the Windows logon screen.
  • 12.
    © 2012, PistolStar,Inc. dba PortalGuard All rights reserved. Page 11 Tech Brief — Centralized Self-service Password Reset IIS Installation A MSI is used to install PortalGuard on IIS 6 or 7.x. If installing PortalGuard on IIS 7.x/ Windows Server 2008, make sure to have installed the following feature roles prior to launching the MSI: 1. All the Web Server Management Tools role services 2. All the Application Development role services 3. All IIS 6 Management Compatibility role services The MSI is a wizard-based install which will quickly guide you through the installation. System Requirements This version of PortalGuard supports direct access and authentication to cloud/web-based applications, only. PortalGuard can be installed directly on the following web servers:  IBM WebSphere/WebSphere Portal v5.1 or higher  Microsoft IIS 6.0 or higher  Microsoft Windows SharePoint Services 3.0 or higher  Microsoft Office SharePoint Server 2007 or later The PortalGuard Web server also has the following requirements on Windows operating systems:  .NET 2.0 framework or later must be installed  (64-bit OS only) Microsoft Visual C++ 2005 SP1 Redistributable Package (x64) PortalGuard is fully supported for installation on virtual machines. Furthermore, Portal- Guard can currently be installed on the following platforms:  Microsoft Windows Server 2000  Microsoft Windows Server 2003 (32 or 64-bit)  Microsoft Windows Server 2008 (32 or 64-bit)  Microsoft Windows Server 2008 R2 NOTE: When run in "Sidecar" mode, PortalGuard can provide its functionality on any web server that uses a HTML login page. If you have a platform not listed here, please contact us at sales@portalguard.com to see if we have recently added support for your platform.
  • 13.
    © 2012, PistolStar,Inc. dba PortalGuard All rights reserved. Page 12 Tech Brief — Centralized Self-service Password Reset Supporting Videos Please view the following videos to watch a demo of PortalGuard’s self-service offerings: Self-service Password Reset, Recovery & Account Unlock (Browser-based) Self-service Password Reset, Recovery & Account Unlock (Windows 7 Desktop) Disconnected Password Recovery Help Desk Console Platform Layers Beyond self-service password reset, PortalGuard is a flexible authentication platform with multiple layers of available functionality to help you achieve your authentication goals:  Contextual Authentication  Tokenless Two-factor Authentication  Real-time Reports / Alerts  Knowledge-based  Password Management  Single Sign-on ###