Specops Software Introduces First Day Password to Secure Employee Onboarding

Today, Specops Software is announcing the release of a new offering to help secure passwords set as part of the employee onboarding process. With First Day Password, organizations will be able to say goodbye to insecure methods of sharing first day passwords and say hello to end users verifying who they are before setting their first day password themselves.

“Customers have been asking us to solve the problem of insecure password sharing ahead of employees’ first days for quite some time,” shared Darren James, Senior Product Manager at Specops Software. “I am excited to share that we are now able to solve this password gap for any organization looking to secure their onboarding passwords.”

The inherent nature of onboarding a user to Active Directory has meant IT departments have been forced to do one of two things (1) share passwords insecurely or (2) make time on that person’s first day to verbally share the first password set for them (or go through their manager).

Sharing passwords ahead of an employee’s first day often means in plain text

IT teams don’t have many options when it comes to sharing an employee’s first password with them ahead of their start date. IT teams usually have just two pieces of information from HR ahead of that first day that they can use (1) personal email address or (2) personal mobile number.

Both of these methods mean sharing a password in plain text (body of the email or SMS). Plain text password sharing opens up the chance for a man-in-the-middle attack to gain access to that password, which could then be leveraged for further damage via other methods like privilege escalation.

Organizations looking to avoid sharing passwords in plain text may instead decide to only share first day passwords verbally.

Sharing passwords verbally on start dates is burdensome

If an organization is looking for more secure first password sharing for new employees, they might ask IT staff to schedule time to share that password themselves with the user on their start date.

Whether in person or remote, this requires IT staff be available for that employee’s start date and available at the time they’ve been asked to log on for their first day.

In some organizations, IT staff may choose to avoid this by sharing the password with the employee’s manager, opening up another point of risk.

Eliminate the Need for First AD Passwords Shared in Plain Text with First Day Password

With First Day Password, organizations never have to share that first password set as part of provisioning a new AD user. With First Day Password, end users can reset that first onboarding password without ever knowing that password themselves.

How it works

First Day Password allows new employees to set their first passwords via an enrollment link shared with them via text, their personal email, or via the “reset my password” link on their domain-joined device.

The first screen new employees see after clicking the First Day Password enrollment link
The first screen new employees see after clicking the First Day Password enrollment link

Once they hit continue, end users will be asked to verify who they are by one of two methods (personal email or text).

First Day Password end user needs to verify who they are before setting their first password
First Day Password end user needs to verify who they are before setting their first password

Once that verification is complete, the new end user will proceed to a dynamic feedback screen to set their password.

The dynamic feedback screen that helps an end user set their first password that complies with an organization’s password policy
The dynamic feedback screen that helps an end user set their first password that complies with an organization’s password policy

First Day Password customers who are also using Specops Password Policy and Breached Password Protection can encourage longer passwords with the length-based password aging meter shown above as well as block the use of over 4 billion known compromised passwords.

“Any security gap, especially when it comes to passwords, is one our customers care about closing,” shared James. “With First Day Password, we are continuing to help our customers strengthen their security postures in on-prem and hybrid environments.”

Try First Day Password Today

Have questions about how First Day Password could work for your environment? Want to see a demo of the full solution? Get in touch.

(Last updated on May 10, 2024)

Back to Blog