You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

Password Management

EmpowerID Password Management Solution Overview

EmpowerID provides an easy to use password management solution that allows end users to securely reset forgotten passwords and unlock their user accounts. In the event a user requires assistance, helpdesk assisted workflow processes enable IT staff to verify a user's identity and perform a secure password reset. EmpowerID connects to all your system ensuring that a user's passwords are kept up to date.


Key areas of functionality provided by the Password Management solution include:

Web and Mobile Self-Service Reset

The cost of a single password reset in a medium-sized organization is estimated to be $20. By automating portions of the reset process, this figure can be reduced to as little as $3 accompanied by a 30% reduction in help desk calls. EmpowerID allows end-users to perform a self-service reset using an anonymous web-based workflow process. The reset can be performed from their desktop or mobile device at any time of the day or night, without requiring helpdesk assistance. EmpowerID’s wide range of flexible options for verifying end-user identity, makes the process easy to use and very secure.

Adaptive Multi-Factor Identity Verification

Verification of the user’s identity during the password reset process is an important step for preventing security breaches and intrusions. Passwords continue to be the weakest link and they are most vulnerable during the password reset process. Outdated methods which ask users to answer simple questions have proven inadequate and insecure. Multi-Factor Authentication is the only proven means to plug this gap. EmpowerID’s adaptive MFA offers a wide range of secure but easy to use options for validating a user’s identity including one-time passwords, FIDO/Yubikey tokens, 3rd parties such as DUO, as well as the EmpowerID Mobile phone app for push to approve identity verification.

Multiple Password Policies

An organization’s security requirements often differ for internal versus external users as well as for privileged IT administrators. EmpowerID allows an unlimited number of flexible policies to control security and determine password strength and change frequency, as well as the stringency of the process to reset a forgotten password. Flexible password policies assigned by role or attribute define not only password complexity requirements but also settings controlling user’s authentication experience as well as the coarse-grained controls for multi-factor authentication. Admins can report and track user adoption as well as implement policies to force users to enroll for password reset during the login process.

Assisted Helpdesk Password Reset

The goal of a password management tool is to eliminate costly helpdesk calls. Unfortunately, this is not always possible, so a secure method to allow helpdesk staff to assist with the process is needed. EmpowerID includes friendly workflows to allow helpdesk staff to accurately verify the caller’s identity before performing an assisted password reset. All actions are logged and end-users are notified via email that their password has been changed, so that they may verify the validity of the change.

Windows Desktop Login Client

Performing a password reset can pose a problem for corporate users if they become locked out of their PCs. To solve this challenge, EmpowerID offers a friendly password reset client which appears as an additional login option. The password reset client allows users to walk through a simple process and reset a forgotten password. They can even unlock their locked-out account, even though they cannot login to their PC. This process allows them to quickly regain access to their workstations without having to wait for assistance from helpdesk staff, saving time, money, and frustration.

Password Expiration Notifications

Often users are unaware that their password is nearing expiration until it has expired. This is especially true for partners and other types of external identities. To keep users informed in advance of a password or account expiration, EmpowerID includes workflows processes that continually monitor for impending password expirations. Workflows alert the users in advance so they can update their passwords before they expire.

Active Directory Password Change Detection

One challenge faced by password management solutions is losing track of password changes that are made through the native Microsoft interfaces. These include password resets by admins or even when users change their password at the CTRL-ALT-DEL screen in Windows. EmpowerID captures even these password changes using a change detection agent that runs on your Active Directory Domain Controllers. The agent captures password changes and sends them to EmpowerID to sync the password change to all other systems in the user’s password sync list.


Getting Started




Password Manager Policies Overview

Password Manager Policies Overview

Setting Up Password Manager Policies

Setting Up Password Manager Policies

Creating Challenge Questions

Creating Challenge Questions

Assigning Challenge Questions

Assigning Challenge Questions

Assigning Password Policies

Assigning Password Policies

Help Desk Password Reset

Help Desk Password Reset

Password Recovery Center Unlock

Unlocking People from the Password Recovery Center

Resetting Passwords

Resetting Passwords

Sending One-Time Passwords

Sending One-Time Passwords