You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
Password Management Overview
EmpowerID's Password Management solution is designed to minimize account lockouts, reduce help desk calls, and improve user experience by offering a secure, flexible, and easy-to-use password management system. With a comprehensive range of features, EmpowerID helps organizations save costs while maintaining a high level of security and compliance. In this overview, we will describe each feature in detail, highlight its importance for password management, and suggest use cases and scenarios in which organizations can benefit from each feature.
Password Encryption
EmpowerID ensures that all passwords are securely encrypted using industry-standard algorithms, safeguarding sensitive data from unauthorized access. This feature is crucial for maintaining the integrity of an organization's information system and preventing data breaches.
User-provided passwords are stored as non-reversible SHA-512 hashes, computed with a unique salt (unique per user and not accessible outside the system). These safeguards make it virtually impossible to reverse-discover a user’s password, even if the stored hash is inadvertently exposed. During authentication, the hash is computed with the user-supplied value (and system-supplied salt) and compared to what is stored in the database; the user’s password is considered valid if both hashes match. Safeguards are put in place to prevent brute-force attacks that attempt to guess a user’s password.
Use Case: Organizations handling sensitive customer data, such as financial institutions and healthcare providers, can benefit from robust password encryption to protect their valuable information.
Web and Mobile Self-Service Reset
The self-service reset feature allows users to securely reset their passwords via web and mobile interfaces without requiring assistance from the help desk. This feature reduces help desk calls and improves user experience by providing a convenient password reset option.
Use Case: Remote employees or users who frequently travel can easily reset their passwords using their mobile devices, ensuring uninterrupted access to critical applications and services.
Adaptive Multi-Factor Identity Verification
EmpowerID's adaptive multi-factor identity verification strengthens password security by requiring users to provide additional forms of authentication during the password reset process. This feature ensures that only authorized users can reset their passwords, further enhancing security.
Use Case: Organizations with strict regulatory requirements, such as those operating in the finance or healthcare sectors, can use adaptive multi-factor identity verification to maintain compliance and protect sensitive data.
Multiple Password Policies
EmpowerID allows organizations to create and manage multiple password policies tailored to their specific security requirements. This feature enables organizations to enforce different password complexity rules, expiration periods, and other criteria for various user groups or applications.
Use Case: A multinational corporation can implement different password policies for different departments or regions to accommodate local regulations and security requirements.
Assisted Helpdesk Password Reset
For situations where users require assistance with their password resets, EmpowerID provides a secure and streamlined helpdesk-assisted password reset process. This feature ensures that helpdesk personnel can securely assist users without compromising sensitive information.
Use Case: An organization experiencing a high volume of password-related helpdesk calls can use this feature to efficiently handle user requests while maintaining security and compliance.
Windows Desktop Login Client
EmpowerID's Windows desktop login client allows users to securely reset their passwords directly from the Windows login screen, providing a seamless user experience and reducing help desk calls.
Use Case: Organizations with a large number of Windows desktop users can benefit from this feature by simplifying the password reset process and improving overall productivity.
Password Expiration Notifications
To help users maintain compliance with password policies, EmpowerID sends password expiration notifications via email or SMS, reminding users to change their passwords before they expire.
Use Case: Companies with strict password expiration policies can use this feature to ensure employees proactively update their passwords, reducing the risk of account lockouts and potential security vulnerabilities.
Active Directory Password Change Detection
A common challenge in password management solutions is maintaining accurate records of password changes made through native Microsoft interfaces, such as when admins reset passwords, or users change their passwords at the CTRL-ALT-DEL screen in Windows. EmpowerID addresses this issue with an Active Directory Password Change Detection feature, which uses a change detection agent running on your Active Directory Domain Controllers.
The agent captures password changes and sends them to EmpowerID, ensuring the password change is synchronized across all other systems in the user's password sync list. This feature helps maintain consistency and accuracy in password management, reducing the risk of account lockouts and enhancing overall security.
Use Case: Organizations that rely heavily on Active Directory for user authentication can benefit from this feature by ensuring that all password changes are consistently tracked and synchronized across multiple systems, minimizing the chances of user access issues and potential security vulnerabilities.
By leveraging EmpowerID's comprehensive Password Management features, organizations can improve user experience, reduce costs, and enhance security and compliance. Each feature plays a vital role in maintaining a secure and efficient password management system, ensuring that organizations can effectively protect their digital assets.