Self-service password reset

Our enterprise self-service password reset software allows organizations to eliminate password reset calls to the IT service desk. The solution enables users to securely reset their Active Directory passwords, from anywhere, using any device. End-users can initiate the password reset process from any browser, their mobile device, or right from the Windows logon screen on their workstations. With security features like multi-factor authentication, and geo-blocking, our password reset solution is consistent with the high level of security you expect. Available on-premises, or as a hybrid solution.

Try Specops uReset!
  • mfa password icon

    Multi-factor identity verification

    The Specops enterprise password reset software allows users to verify their identity using a wide range of identity providers, including Duo Security, Okta, PingID, and a biometric option. Multiple authentication options guarantee that users will complete the password-reset task, even if an identity provider is unavailable. For example, if a user does not have their mobile device when a password reset need arises, they can still verify with social identity providers.

    The multi-factor identity verification process extends to the helpdesk. Instead of verifying users with security questions, the helpdesk staff can use the solution to verify users with any of the identity providers in their enrollment, including the option to send a one-time code to the mobile number associated with the user’s account.

    Read More
  • Password reset for remote users

    Our password reset tool enables remote users to manage their passwords, without calling the helpdesk. The solution prevents account lockouts by updating the local cached credentials, even when a Domain Controller cannot be reached. When a user’s password expires, they can reset their password right from the Windows logon screen.

    If a remote user was to lock themselves out of their account, the tool will enable them to unlock their account. Upon successful authentication, the user can unlock their account with the option to reset their password. Allowing users to manage this process reduces the helpdesk burden where the remote workforce is concerned.

    Read More
  • Enrollment enforcement

    To help users get started with the self-service tool, Specops offers flexible enrollment options. Administrations can automatically enroll users to the password reset system, without requiring users to do anything. This can be achieved with any identity provider that has identifier information in Active Directory (for example: Mobile Code, Duo Security, Symantec VIP, Okta, PingID, and more).

    Administrators can also guide users to the enrollment process via notifications. Enrollment notifications can include emails, a balloon tip pop-up, or even an unclosable fullscreen browser when the user logs in to Windows. The tool also offers various reports to help you keep track of your enrollment progress.

    Read More

Sound like a good fit?

Get in touch

Getting started with self-service password reset

Active Directory password resets and account lockouts are a burden on IT departments everywhere. By some estimates, 40% of all helpdesk calls are password related. A self-service password reset solution enables employees to reset their forgotten Windows passwords, and manage account lockouts, without calling the helpdesk.

For IT departments, there are many benefits with using a self-service password reset solution beyond self-service. Whether it’s email or on-screen password notification reminders to encourage users to change passwords before they expire, or the ability to update the locally cached credentials for remote workers, it ultimately means spending less resources on password-related issues.

For users, it’s about convenience. A self-service password reset solution means availability and access, no matter the time, location, or device.

Employee identity verification beyond security questions

Security is key when evaluating a self-service password reset tool. When a user can’t remember their password, they need another method to prove their identity. Security questions are the most common form of identity verification during self-service password reset. Common examples of security questions include:

  • What was the name of your first pet?
  • Where did you attend high school?
  • What is the name of your favorite sports team?

It goes without saying that answers to such questions are susceptible to social engineering. Social engineering is a form of hacking – a hacker tricks the system into thinking they are an authorized user by using information that is readily available. With more and more of our personal information making its way online, this method of authentication is called into question.

Identity verification with multiple factors can reduce the risk of social engineering attacks. For more on how additional authentication factors can strengthen security, see our best practices for identity verification.

Social engineering is a common tactic against service desks.

Self-service password reset tool comparison

There are a number of solutions that can help end users help themselves. These solutions rely on the same basic features including an administration console, an end-user website for users, and a client application that adds logon assistance to the Windows logon screen. For additional security and flexibility, consider the following evaluation questions:

  • Does the solution use more than just security questions to verify users? Multi-factor authentication helps users access the self-service password reset system without using security questions.
  • Where and how is data stored? Choose a solution that does not use an external database to store user data, enrollment data, or passwords.
  • Does the solution report on system usage and password resets? Reporting capabilities can help track system usage, and event activities such as the number of password resets and account unlocks. This data allows you to measure your return on investment.
  • Is the solution user-friendly? Users prioritize convenience over security. A common barrier in the self-service password reset process is the inability to set a new password that fulfills the complexity requirements. Look for a solution that displays the password complexity rules to help users satisfy the policy on the first try.

For more advanced features, and how our password reset solution measures, see our comparison of self-service password reset tools for Windows.

Password reset best practices for the helpdesk

The helpdesk staff plays an important part in the success of your self-service password reset solution. They need to know what is going to change, why the organization is making the change, and what they need to do differently. When users contact the helpdesk, a consistent approach that guides users to self-service is the only way to stop old-habits.

The launch of the password reset program is also a good time to re-educate your helpdesk on the latest security measures for protecting accounts and passwords. Afterall, password resets make a great target for cybercriminals skilled in social engineering. Without the right controls in place, an attacker can request a password reset while impersonating a legitimate user. Social engineering is extremely common, and can be quite successful when using security questions. Look for a solution that allows the helpdesk to verify users with high-trust methods during password resets. See our help desk security best practices to get started.

Employees and self-service password reset adoption

You have purchased a self-service password reset system, now comes the hard part. You will be asking employees to change – convincing them to use the system, instead of calling the helpdesk. It’s not enough to simply ask users to use the system. System adoption is most effective with the right solution in place.

Enrollment is the process of collecting end user information to verify their identity when they forget their password. Without an enrollment, users can’t use the self-service password reset solution. An effective solution includes features that encourage the enrollment process. Enrollment reminders via email and SMS are effective in guiding users through the process. For more impact, notifications should be configured to appear when the user logs into their account.

To make self-service adoption easier, you can remove the task from end users altogether. This can be done with authentication methods that have identifier information stored in Active Directory, such as mobile number (mobile verification code), or even high-trust authentication investments such as Symantec VIP, and Duo Security. An administrator would pre-enroll all of the users into the self-service system based on the information stored in Active Directory. Want more tips? Check out our top tips for employee self-service password reset adoption.

To ensure a return on investment, users have to actually use the system.

Try our password reset solution

Want to strike the right balance between security and usability? Specops eases the pain of forgotten passwords and account lockouts. The solution goes beyond knowledge-based authentication, revolutionizing self-service with a flexible authentication engine that includes high-trust authentication methods and auto-enrollment options. With our password reset solution, users always have a secure way to reset their password – from any location, device, or browser!


  • Accessible from any web browser, the Windows logon screen, the mobile app
  • Updates the local cached credentials for remote users
  • Helpdesk interface for verifying users, unlocking user accounts and setting temporary passwords
  • Enrollment enforcement and auto-enrollment options
  • Enrollment notifications via system tray, email, or unclosable fullscreen browser
  • Statistics and audit reporting to view usage and track system events
  • User interface available in multiple languages including German, French, Spanish, Japanese, simplified Chinese, and many more
  • 15+ identity providers to enable authentication choice and increase security
  • Customizable user interface, change the text, logo, and colors
  • Google re-CAPTCHA to prevent username harvesting

Simple to install and configure

In just a few minutes you’ll have online password reset with multiple third-party identity providers configured in no time.

Try it for FREE, today!

Please fill in your information to start your free trial. All fields are mandatory.

Additional Resources

Gold Award on!

Brien Posey, “It does exactly what it is supposed to do, without any needless complexity standing in the way of efficiency.”

Full Review

Windows expert review on

Timothy Warner, “…you’ll find uReset works exactly as advertised and is user-friendly enough to be comfortable for the most stubborn employee you support.”

Full Review

Mobile workforce manages passwords around the clock

Allan Myers needed a way for their mobile workers to manage their password-related tasks any time of day on any device.

Read More

Removing weak passwords for Cyber Essentials

To show their commitment to cybersecurity, the Greater Manchester West Mental Health NHS Foundation Trust used Specops Password Policy to block weak passwords.

Read More