Self-service password reset –what is the most fitting solution to answer emerging IT qualms
Self-Service Password Reset solution is a technology which enables domain users to unlock their account password by themselves, often authenticating with an alternate procedure, instead of seeking assistance from IT helpdesk. Such solutions, found a dime a dozen these days, mostly function the same way. Here’s a typical scenario:
A user forgets his account login password; now instead of calling at helpdesk or raising an IT ticket, he directly resets his password on his own by answering the preset security questions linked with his account password settings through a browser. Since, this process is typically web-based; a user must launch a web browser to fix the problem and for that he/she needs to access a system—but ironically the user actually cannot log in to his workstation until the problem is solved.
That’s a classic paradoxical situation. Thus, a big hurdle faced by organizations is enabling users to access a workstation if they forgot their primary password. There are a few ways to address this Catch-22. “A catch-22 is a situation in which someone is in need of something that can only be had (sic) by not being in need of it”, as explained in Wikipedia. This term was originally coined by Joseph Heller in his 1961 satirical novel Catch-22.
What are the alternatives?
The first option is to use a coworker’s workstation. The user who has forgotten his password can request his colleague to allow access to his system, open a browser and reset his password using his client portal. But this is a risky business as ideally a user is designated to access only his workstation. A potential intruder may take advantage of this situation and get along with a lot of unethical information if the actual user is physically absent or oblivious to his intentions.
Another solution is vouching upon the coworker instead of actually performing it on his/her workstation. Users need to authorize coworkers in advance as who can reset their account password on their behalf. This can typically help in a situation where a user who is physically away from the corporate network and forgot his PC's login password, an authorized co-worker can resolve the issue. However, in this scenario, the problem lies in determining which users should have the ability to authorize whom. Along with, the traditional method of calling at helpdesk alternative always remains but doesn’t that fail the whole self password reset paradigm.
So, what can be an ideal solution?
An ideal solution would be allowing users to tackle the workstation availability paradox without choosing alternate options. A relatively better option is to let users reset their password directly from their logon screen itself, typically the ALT+CTRL+DEL screen. Users are presented with a restricted web browser at their login screen with the only possibility to reset his password without logging into the system.
Lepide Active Directory Self-Service uses this advanced technology to allow users to not look further and easily perform password reset and account unlock activity from their logon screen itself. Users can also update their Active Directory attributes through their client portal. Since, this kind of technology directly allows access to computer resources, precisely a web browser, to reset passwords without first authenticating to the computer; security must be of high priority.
To see how Lepide Active Directory Self Service performs and ensures complete security while performing self-service activities, visit http://www.lepide.com/active-directory-self-service/