FastPassCorp
Password Security Made Easy



Password Reset from a Browser on a Distrusted Network

John is on a business trip, sitting in the hotel lobby, and wants to use a public PC to write a report of today’s activities. He tries to access the web-based CRM solution, which maps to Active Directory users for authentication. Unfortunately, it turns out that John has forgotten his password, which he was forced to change just before the weekend.

John remembers that he enrolled in a Password Management solution and that he wrote the URL in his notebook. He points the browser at the FastPass Password Manager Client, which the company has installed in a DMZ, and he is soon ready to start resetting his password.

John clicks on the "Reset Password" menu item. This calls up the "Identify User" page and John enters johnd (JD####), selects the domain and clicks on the "Continue" button.

Because he is accessing from a distrusted network, he is subject to a multi-factor authentication flow. This is of course to prevent “the whole world” from snooping into the registered Challenge/Response details of the enrolled users, and the FastPass Password Manager solution includes different options for this. Security administrators at John's company have made alternative configurations to cover different users, and since John has a mobile number registered in AD, the option used for him is SMS PIN.

He waits for the PIN to arrive on his mobile phone, and when it does he enters it and clicks on the "Continue" button.

Since the PIN was validated as correct, the system now asks John to answer two of the registered questions correctly.

He enters the answers and clicks on the "Continue" button.

Note: The questions are randomly selected from the registered questions, but the same questions are used throughout one session to give higher protection against social engineering attacks.

Since all answers were verified as correct, the system now allows John to specify a new password.

He enters the new password and confirms it.

The password is now reset in AD and goes through all policy checks exactly as if the user had changed the password from the Windows Security dialog.

Since the specified password was accepted as valid by the system, John is now presented with a confirmation page.

If the password had not been verified as valid, a message explaining this would have been shown and the user would have been asked to repeat the step.

John's password has now been reset and he can now access the web based CRM solution and write his report.
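The staged flow above (SMS PIN first, then two challenge questions that stay fixed for the session), sketched as an added example that is not FastPass code. The class name, the three-failure lockout, and the sample enrollment data are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed sample enrollment data; a real store would keep salted hashes.
ENROLLED = {"First pet?": "rex", "Birth city?": "Odense",
            "First car?": "Saab", "Favourite teacher?": "Holm"}

class ResetSession:
    """One reset attempt: questions are hidden until the PIN is verified."""
    MAX_FAILURES = 3  # assumed lockout threshold, not taken from the page

    def __init__(self, enrolled, per_session=2):
        self._enrolled = enrolled
        self._pin = f"{secrets.randbelow(10**6):06d}"
        # Drawn once with a CSPRNG and stored, so reloading the page cannot
        # cycle through the registered questions to find the easiest pair.
        self._asked = secrets.SystemRandom().sample(sorted(enrolled), per_session)
        self._failures = 0
        self.stage = "pin"

    def sms_pin(self):
        return self._pin  # stand-in for handing the PIN to an SMS gateway

    def _fail(self):
        self._failures += 1
        if self._failures >= self.MAX_FAILURES:
            self.stage = "locked"
        return False

    def submit_pin(self, pin):
        if self.stage != "pin":
            return False
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            return self._fail()
        self.stage = "questions"
        return True

    def questions(self):
        if self.stage != "questions":
            raise PermissionError("PIN not verified; questions stay hidden")
        return list(self._asked)

    def submit_answers(self, answers):
        if self.stage != "questions":
            return False
        norm = lambda s: s.strip().lower().encode()
        ok = all([hmac.compare_digest(norm(answers.get(q, "")),
                                      norm(self._enrolled[q])) for q in self._asked])
        if not ok:
            return self._fail()
        self.stage = "new_password"
        return True
```

The list inside `all([...])` is deliberate: every answer is compared before the result is returned, so the response does not reveal which answer was wrong.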



FastPassCorp offerings

FastPassCorp's password management solution, Password Manager, is the industry standard for secure, self-service password reset and synchronization.

Help Desk can eliminate the #1 reason why users call
Users can securely reset and synchronize their own passwords across the enterprise 24x7 for maximum productivity and efficiency
Eliminates loopholes in manual password reset processes and helps to enforce strong password management policies