Ban weak passwords from Active Directory
Contact UsFirst Day Password removes the security gap left in many organization onboarding processes: sharing the initial password for a new hire. IT teams looking to onboard many users or remote users often result to sharing passwords via plain text methods like email or SMS. Such methods introduce a security gap that can open up the organization to man-in-the-middle attacks.
With First Day Password, IT teams can ensure new hire passwords are secure and compliant with their organization’s password policy from day one, minute one while also never having to share a password themselves.
Feature Highlights
Feature Highlights | First Day Password | Other Solutions |
---|---|---|
Enrollment link for new hires to securely set their own passwords | Yes | No (password sharing often done in plain text via SMS or email) |
Customizable enrollment link settings | Yes (custom expiry, custom postdating) | No |
Updates locally cached credentials | Yes (on or off VPN) | No |
Verify end user identity prior to setting first password | Yes (Mobile code, personal email) | No |
Dynamic password policy display | Yes | No |
Compromised password check | Yes, block over 4 billion known compromised passwords (with Breached Password Protection) | No |
Reporting | Yes | No |
How does it work?
First Day Password is part of Specops uReset and is natively integrated with Active Directory. Configuration of the system is done using Group Policy, without introducing added complexity to your environment. This means that no external database is required to store password related information, with user data is stored directly in Active Directory.
Specops uReset consists of the following components and does not require any additional resources in your environment. The authentication engine, web, and identity services are hosted in the cloud.
What does it look like?
New hires will receive an enrollment link to their mobile or personal email from their IT staff, inviting them to set their first password. If end users do not click that link before logging on to their device for the first time, they can set their first password via the ‘Reset password’ link on the Windows logon screen on their corporate laptop.
After clicking the enrollment link shared via email or mobile or clicking the ‘Reset password’ link on the logon screen, end users will arrive at the “Setting a password” screen.
When they click continue, they will be asked to verify their identity either via mobile code or via their personal email, as configured by their IT team.
Once their identity is verified, the new hire will be invited to set their password via a dynamic and customizable password policy rules display to guide users with real-time feedback as they are typing in their new password.
This allows users to self-correct before submitting the new password and ultimately reduce calls to the service desk.
Specops uReset customers using Specops Password Policy can also display length-based password aging and compromised password check feedback
Get a demo of First Day Password
Ready to see how First Day Password works in your environment? First Day Password is a part of Specops uReset, aself-service solution that enables end users to address the most common tasks related to Active Directorypassword management including forgotten passwords, locked out accounts, password resets/changes, and sharingnew hire passwords.
Click here to set up a demo or trial today of Specops uReset and First Day Password.