Resetting password? Just put your finger on it
(Last updated on July 3, 2020)
It’s no secret that people hate passwords. Organizations often require passwords to be at least eight characters long and to include lowercase letters, uppercase letters, numbers and special characters. While these complexity requirements barely make passwords more secure, they are enough to cause headaches for users, because human brains are not designed to remember random strings. With regulations such as PCI-DSS, Sarbanes-Oxley and HIPAA requiring or recommending that passwords be changed at regular intervals, it is inevitable that the helpdesk gets bombarded with password reset requests.
Resetting passwords with “not-so-secret” questions
Many organizations have self-service password reset solutions that require users to answer secret questions, also known as security questions, to reset their passwords. Unfortunately, people simply can’t recall answers they set up a while ago. Secret questions not only create usability issues but also raise security concerns: some of the answers can easily be found online or obtained through social engineering. Numerous regulations require organizations to implement proper measures to ensure that only appropriately authenticated users have access to resources. This is not limited to authenticating user identity when accessing applications; it also covers regaining access during a password reset. Since secret questions are plagued with problems, what is the better way to authenticate users during a password reset?
Your finger, your password
Biometrics such as fingerprints rely on something unique to everyone – your physical features. Because biometrics can’t be shared, duplicated or easily forged, they increase the accuracy of authentication and effectively prevent unauthorized persons from gaining access to sensitive data. Allowing users to reset their passwords using fingerprints makes the process simple because it does not rely on any user effort – they don’t need to learn, do or remember anything; they just need to be themselves. This simplicity doesn’t have to come with high costs. With the arrival of smartphones with built-in fingerprint technology, such as Apple Touch ID and Android 6.0, you can take advantage of mobile devices that users already own.
Take security up a notch – or two
Biometrics are one of the most secure methods of authentication, but are they 100 percent secure? No, because no authentication method is 100 percent secure. For users with a higher security clearance, such as financial aid administrators or senior-level executives, you can increase security by requiring an additional form of identification to verify them. Common forms of identification such as secret questions, physical tokens and SMS codes aren’t robust enough by themselves, but when combined with biometrics they can greatly improve security. This approach is called two-factor authentication: requiring users to provide two of the following: something they know (username and password), something they have (security token) or something they are (fingerprint).
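The step-up rule above (high-clearance roles must present two factors, and the two must come from different categories) is easy to get wrong in practice: a password plus a secret question are both "something you know" and do not make a second factor. The following is an added illustration written for this page, not Specops code; the role names, factor names and the mapping of factors to categories are constructed for the example.

```python
"""Added example (not Specops code): a minimal step-up policy check for password reset.

Factors fall into three categories (know / have / are). "Two-factor" means two factors
from *different* categories. Roles the text singles out need two categories; everyone
else needs one. All role and factor identifiers here are constructed for illustration.
"""
from enum import Enum


class Category(Enum):
    KNOW = "something you know"
    HAVE = "something you have"
    ARE = "something you are"


# Assumed mapping of identity services to factor categories (constructed for the example).
FACTOR_CATEGORY = {
    "password": Category.KNOW,
    "secret_question": Category.KNOW,
    "hardware_token": Category.HAVE,
    "sms_code": Category.HAVE,
    "fingerprint": Category.ARE,
}

# Roles that require an additional factor (constructed role identifiers).
HIGH_CLEARANCE_ROLES = {"financial_aid_admin", "senior_executive"}


def required_categories(role: str) -> int:
    """Number of distinct factor categories a role must present to reset a password."""
    return 2 if role in HIGH_CLEARANCE_ROLES else 1


def distinct_categories(factors_passed):
    """Map the factors a user successfully completed onto the set of categories they cover.

    Two factors from the same category (e.g. password + secret question) collapse to one.
    Unknown factor names are rejected rather than silently ignored.
    """
    cats = set()
    for factor in factors_passed:
        if factor not in FACTOR_CATEGORY:
            raise ValueError(f"unknown factor: {factor}")
        cats.add(FACTOR_CATEGORY[factor])
    return cats


def may_reset_password(role: str, factors_passed):
    """Return (allowed, reason) for a self-service reset attempt."""
    cats = distinct_categories(factors_passed)
    need = required_categories(role)
    if len(cats) >= need:
        return True, f"{len(cats)} distinct categories satisfied (need {need})"
    names = sorted(c.name for c in cats)
    return False, f"need {need} distinct categories, got {len(cats)}: {names}"


if __name__ == "__main__":
    # Constructed reset attempts, not real data.
    attempts = [
        ("staff", ["fingerprint"]),
        ("senior_executive", ["fingerprint"]),
        ("senior_executive", ["fingerprint", "sms_code"]),
        ("senior_executive", ["password", "secret_question"]),  # same category twice
    ]
    for role, factors in attempts:
        allowed, reason = may_reset_password(role, factors)
        print(f"{role:18} {factors!s:36} -> {'ALLOW' if allowed else 'DENY ':5} ({reason})")
```

The point worth noticing in the output is the last case: two "something you know" factors are denied for a high-clearance role even though two checks were passed, because the policy counts categories, not checks.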
Win-win situation for helpdesk and users
Specops uReset supports more than 20 identity services, including fingerprint authentication, phone-as-a-token authentication, social and popular SaaS identities, mobile One Time Passcode and other traditional options. IT administrators can choose which identity service(s) users must authenticate with based on user role. When a password reset is needed, users simply access Specops uReset from any internet-connected device using a web browser or the mobile application. All they need to do is authenticate with the identity services they previously enrolled. When resetting a password is this simple, users have no reason to call the helpdesk and instead follow the path of least resistance: resetting their own passwords with Specops uReset.