Use MFA for password resets
Specops uReset enhances login security by extending multi-factor authentication to self-service password management. The solution supports common authenticators, such as security questions, and mobile verification codes, in addition to numerous digital identity providers ranging from personal (e.g. LinkedIn) to company (e.g. Duo Security), as well as higher trust methods (e.g. Fingerprint authentication).Read More
Multiple authentication options guarantee that users will complete the password-reset task, even if an identity provider is unavailable. For example, if a user does not have their device when a password reset need arises, they can still verify with the social identity providers in their enrollment. Since not all identity providers are equally secure, administrators can assign each identity provider with a trust value, based on their perceived level of security. This means that one identity provider can be worth twice as much as another during authentication. Users who choose high-trust providers will have fewer steps before they can reset their account. For more information about the authentication configuration options, see the blog: What to consider when using Specops uReset MFA.
Secure helpdesk user verification
The helpdesk is a popular target for hackers. The most popular tactic used is social engineering. While social engineering is likely when using security questions, it is much less common if multi-factor authentication is used. Specops uReset enables the helpdesk to verify the accounts of users, using any of their enrolled identity services, or by sending a text message to the mobile number associated with the user’s account.Read More
The multi-step process makes it more difficult for hackers to impersonate a user. Once a user has their identity verified, the helpdesk can set a new password and require the user to change it at next login.
Store user data in Active Directory
Where and how data is stored is an important aspect to the security of password reset software. Specops uReset does not store user, enrollment, or password data in a separate database. A separate database means additional costs, and security risks. All password-related data is stored on the user object in Active Directory.Read More
Data security concerns also includes who is able to access the user data. Access to the administrator and helpdesk pages on the uReset web is secured with a stronger multi-factor authentication policy. Sensitive data will always stay private, even from administrators and helpdesk users.
Interested in the on-premises alternative?Learn more
- 15+ identity providers to enable authentication choice and increase security
- Updates the local cached credentials for remote users
- Accessible from any web browser, the Windows login screen, or the uReset mobile applications
- Helpdesk interface for verifying end-users, unlocking user accounts, and setting temporary passwords
- User enrollment enforcement and auto-enrollment options
- Statistics and audit reporting to view usage and track system events
- Multi-language support: Czech, Dutch, English, French, German, Japanese, Korean, Polish, Portuguese, Russian, Simplified Chinese, Spanish, and Swedish
- Redundancy with multiple Gatekeepers to ensure high uptime and availability
- Customizable user interface
- Real-time password blacklist validation at password reset/change (when used with Specops Password Policy)
- Block/allow self-service password resets by geographical location (country), or specific IP address
Try it for FREE, today!
Please fill in your information to start your free trial. All fields are mandatory.