EmpowerID's Password Management solution is designed to minimize account lockouts, reduce help desk calls, and improve user experience by offering a secure, flexible, and easy-to-use password management solution that allows end-users to securely reset forgotten passwords and unlock their user accounts.
With a comprehensive range of features, EmpowerID helps organizations save costs while maintaining a high level of security and compliance. In this overview, we will describe each feature in detail, highlight its importance for password management, and suggest use cases and scenarios in which organizations can benefit from each feature.
Key areas of the functionality provided by the Password Management solution include:
Password Encryption
While EmpowerID's portal can be configured to authenticate users via federation, by default EmpowerID uses itself as an Identity Provider and authenticates users accessing the application via standard username and password submission.
EmpowerID ensures that all passwords are securely encrypted using industry-standard algorithms, safeguarding sensitive data from unauthorized access. This feature is crucial for maintaining the integrity of an organization's information system and preventing data breaches.
Info |
---|
User-provided passwords are stored as non-reversible SHA-512 hashes, computed with a unique salt (unique per user and not accessible outside the system). These safeguards make it virtually impossible to reverse-discover a user’s password, even if the stored hash is inadvertently exposed. During authentication, the hash is computed with the user-supplied value (and system-supplied salt) and compared to what is stored in the database; the user’s password is considered valid if both hashes match. Safeguards are put in place to prevent brute-force attacks that attempt to guess a user’s password. |
Note |
---|
EmpowerID strongly recommends you add extra security to your portal by supplementing the default out-of-the-box username and password authentication with MFA and/or Passwordless login. |
Use Case: Organizations handling sensitive customer data, such as financial institutions and healthcare providers, can benefit from robust password encryption to protect their valuable information.
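The store-and-verify flow from the Info box above, sketched as an added example (not EmpowerID code). The salt-then-password concatenation, the 16-byte salt, the five-failure lockout and the `CredentialStore` class are assumptions; the page does not say how EmpowerID combines salt and password or how its brute-force safeguards work.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 5  # assumed lockout threshold; the page gives no number

def hash_password(password: str, salt: bytes) -> bytes:
    """SHA-512 over salt || password (the concatenation order is an assumption)."""
    return hashlib.sha512(salt + password.encode("utf-8")).digest()

class CredentialStore:
    """Hypothetical in-memory store: one random salt and one hash per user."""

    def __init__(self):
        self._records = {}   # username -> (salt, stored_hash)
        self._failures = {}  # username -> consecutive failed attempts

    def set_password(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)  # unique per user, never leaves the store
        self._records[user] = (salt, hash_password(password, salt))
        self._failures[user] = 0

    def is_locked(self, user: str) -> bool:
        return self._failures.get(user, 0) >= MAX_FAILURES

    def verify(self, user: str, candidate: str) -> bool:
        if user not in self._records or self.is_locked(user):
            return False
        salt, stored = self._records[user]
        # Recompute with the system-held salt; compare in constant time.
        ok = hmac.compare_digest(hash_password(candidate, salt), stored)
        self._failures[user] = 0 if ok else self._failures[user] + 1
        return ok

    def stored_hash(self, user: str) -> bytes:
        return self._records[user][1]

def demo() -> tuple:
    store = CredentialStore()
    store.set_password("alice", "Constructed-Pass-1")  # constructed sample values
    store.set_password("bob", "Constructed-Pass-1")
    distinct = store.stored_hash("alice") != store.stored_hash("bob")
    accepted = store.verify("alice", "Constructed-Pass-1")
    for _ in range(MAX_FAILURES):
        store.verify("alice", "wrong-guess")  # repeated bad guesses trip the lockout
    return distinct, accepted, store.is_locked("alice"), store.verify("alice", "Constructed-Pass-1")
```

`demo()` shows that two users with the same password get different stored hashes, and that once the limiter trips even the correct password is refused until the counter is reset.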
Web and Mobile Self-Service Reset
The cost of a single password reset in a medium-sized organization is estimated to be $20. By automating portions of the reset process, this figure can be reduced to as little as $3, accompanied by a 30% reduction in help desk calls. EmpowerID allows end-users to perform a self-service reset using an anonymous web-based workflow process. The reset can be performed from their desktop or mobile device at any time of the day or night, without requiring helpdesk assistance. EmpowerID’s wide range of flexible options for verifying end-user identity makes the process easy to use and very secure. The self-service reset feature allows users to securely reset their passwords via web and mobile interfaces without requiring assistance from the help desk. This feature reduces help desk calls and improves user experience by providing a convenient password reset option.
Use Case: Remote employees or users who frequently travel can easily reset their passwords using their mobile devices, ensuring uninterrupted access to critical applications and services.
Adaptive Multi-Factor Identity Verification
Verification of the user’s identity during the password reset process is an important step for preventing security breaches and intrusions. Passwords continue to be the weakest link and they are most vulnerable during the password reset process. Outdated methods which ask users to answer simple questions have proven inadequate and insecure. Multi-Factor Authentication is the only proven means to plug this gap. EmpowerID’s adaptive MFA offers a wide range of secure but easy-to-use options for validating a user’s identity including one-time passwords, FIDO/YubiKey tokens, 3rd parties such as DUO, as well as the EmpowerID Mobile phone app for push to approve identity verification. EmpowerID's adaptive multi-factor identity verification strengthens password security by requiring users to provide additional forms of authentication during the password reset process. This feature ensures that only authorized users can reset their passwords, further enhancing security.
Use Case: Organizations with strict regulatory requirements, such as those operating in the finance or healthcare sectors, can use adaptive multi-factor identity verification to maintain compliance and protect sensitive data.
Multiple Password Policies
An organization’s security requirements often differ for internal versus external users as well as for privileged IT administrators. EmpowerID allows an unlimited number of flexible policies to control security and determine password strength and change frequency, as well as the stringency of the process to reset a forgotten password. Flexible password policies assigned by role or attribute define not only password complexity requirements but also settings controlling the user’s authentication experience as well as the coarse-grained controls for multi-factor authentication. Admins can report and track user adoption as well as implement policies to force users to enroll for password reset during the login process. EmpowerID allows organizations to create and manage multiple password policies tailored to their specific security requirements. This feature enables organizations to enforce different password complexity rules, expiration periods, and other criteria for various user groups or applications.
Use Case: A multinational corporation can implement different password policies for different departments or regions to accommodate local regulations and security requirements.
Assisted Helpdesk Password Reset
The goal of a password management tool is to eliminate costly helpdesk calls. Unfortunately, this is not always possible, so a secure method to allow helpdesk staff to assist with the process is needed. EmpowerID includes friendly workflows to allow helpdesk staff to accurately verify the caller’s identity before performing an assisted password reset. All actions are logged and end-users are notified via email that their password has been changed, so that they may verify the validity of the change. For situations where users require assistance with their password resets, EmpowerID provides a secure and streamlined helpdesk-assisted password reset process. This feature ensures that helpdesk personnel can securely assist users without compromising sensitive information.
Use Case: An organization experiencing a high volume of password-related helpdesk calls can use this feature to efficiently handle user requests while maintaining security and compliance.
Windows Desktop Login Client
Performing a password reset can pose a problem for corporate users if they become locked out of their PCs. To solve this challenge, EmpowerID offers a friendly password reset client which appears as an additional login option. The password reset client allows users to walk through a simple process and reset a forgotten password. They can even unlock their locked-out account, even though they cannot log in to their PC. This process allows them to quickly regain access to their workstations without having to wait for assistance from helpdesk staff, saving time, money, and frustration. EmpowerID's Windows desktop login client allows users to securely reset their passwords directly from the Windows login screen, providing a seamless user experience and reducing help desk calls.
Use Case: Organizations with a large number of Windows desktop users can benefit from this feature by simplifying the password reset process and improving overall productivity.
Password Expiration Notifications
Often users are unaware that their password is nearing expiration until it has expired. This is especially true for partners and other types of external identities. To keep users informed in advance of a password or account expiration, EmpowerID includes workflow processes that continually monitor for impending password expirations. Workflows alert the users in advance so they can update their passwords before they expire. To help users maintain compliance with password policies, EmpowerID sends password expiration notifications via email or SMS, reminding users to change their passwords before they expire.
Use Case: Companies with strict password expiration policies can use this feature to ensure employees proactively update their passwords, reducing the risk of account lockouts and potential security vulnerabilities.
Active Directory Password Change Detection
A common challenge in password management solutions is maintaining accurate records of password changes that are made through the native Microsoft interfaces, such as when admins reset passwords, or users change their passwords at the CTRL-ALT-DEL screen in Windows. EmpowerID addresses this issue with an Active Directory Password Change Detection feature, which uses a change detection agent running on your Active Directory Domain Controllers.
The agent captures password changes and sends them to EmpowerID, ensuring the password change is synchronized across all other systems in the user's password sync list. This feature helps maintain consistency and accuracy in password management, reducing the risk of account lockouts and enhancing overall security.
Use Case: Organizations that rely heavily on Active Directory for user authentication can benefit from this feature by ensuring that all password changes are consistently tracked and synchronized across multiple systems, minimizing the chances of user access issues and potential security vulnerabilities.
By leveraging EmpowerID's comprehensive Password Management features, organizations can improve user experience, reduce costs, and enhance security and compliance. Each feature plays a vital role in maintaining a secure and efficient password management system, ensuring that organizations can effectively protect their digital assets.