The biggest businesses in different industries trusts FastPassCorp
Why Trust FastPassCorp?
The IT department of London Metropolitan University supports more than 12,000 students and 2000 staff members in the UK.
The FastPass implementation was very quick and it has become the main tool for password management within our community.
We now use the help desk pin for providing passwords to new accounts with a secret, system-generated password. We have seen an 80% reduction in assisted password resets.
Oliver Holmes
Deputy Director, Technology and Operations,
GET IN ONE CLICK
FastPass Corporate Overview
FastPass offerings
Find the right solution for you from the FastPass offerings:
FastPass Enterprise
FastPass Enterprise covers self-service of passwords with a compliant and secure process for large organizations. The results are high productivity through high adoption and ease-of-use for all types of corporations.
FastPass Enterprise covers all types of corporate passwords (Windows / SAP/ Oracle / IBM i, etc.)
FastPass for Active Directory
FastPass for Active Directory lets you start with an advanced and automatic platform for AD passwords. You can later add functionality as your requirements increase. Reach 90%+ adoption rate with forced enrolment and rich authentication options.
FastPass covers Active Directory, Multi-AD, Multi-forest AD, Azure AD, Hybrid Azure AD.
Password Synchonization
For medium and large organizations password synchronization is a quick and effective way to help users having fewer passwords to remember.
FastPass synchronizes automatically all password changes from Active Directory to your other types of corporate passwords like SAP/Oracle/IBM. Even when users have different user-ids FastPass will synch correctly.
MSP Password Self Service
FastPass MSP is a multi-tenant solution to share with all your customers to reduce password costs.
- Customized per customer for self-service of password resets
- Functionally like FastPass Enterprise
- IT workflow for a facilitated password reset in the service desk
Facilitated Password Reset
FastPass (FPR) introduces a management defined process for manual verification. The verification process is matched to different security profiles for different groups. The service desk agents don’t need privileged passwords anymore. FPR uses dynamic and contextual information to help authenticate the users in addition to the management approval process.
FPR reduces the risk for data breaches and the costs associated with IT crime and is used with FastPass Enterprise.
FastPass Cloud
The FastPass Cloud service is a web-based password manager for medium and large companies who want to improve productivity and security related to password self-service processes in a simple and fast way. Users get access to a WEB-portal, even from a Windows PC before log-in!
FastPass Cloud covers all popular corporate password types like Windows / Active Directory, SAP, IBM Z, IBM I, Oracle, SQL, LDAP, and others.
Pricing depends on your functional requirements and user-count. You can, of course, choose between purchase and subscription agreements. Contact us or our partners to get an individual quote.
No matter what FastPass solution you choose it is WEB-application secure according to industry security standards:
- OWASP
- PCI
- SANS CYBER
Reach 90% password self-service success with user focus
The implementation of self-service password reset solutions might look like a simple task, but many organizations have been unsuccessful in implementing them.
A successful password self-service solution requires a good software solution, and perhaps more importantly, a good process.
Why implement FastPass Self Service Password Reset Tool?
Reduces the workload for the service desk
According to the SDI market research report, 25% of calls that service desks handle, are password related. FastPass self-service solution with high adoption rate will reduce workload and complexity on the service desk, freeing resources for use elsewhere.
Improves the service to end-users
Improves security and reduces the risk of data breaches
FastPass has been developed to be a highly secure system, protecting companies’ and users’ data from unwanted and illegal breaches. The purpose of our security activities and our external monitoring of our results is to give our customers full confidence in the use of FastPass for passwords.
Be successful with password self-service
FastPass password self-service helps you get more than 85% of end-users’ password problems solved by end-users themselves. The combination of FastPass functionality and our best practices guide will make you successful with password self-service. You can get the service from the cloud or install on-premise.
A few highlights to understand how you can achieve 85% end-user success:
- All corporate passwords are included: Windows, SAP, Oracle, IBM, LDAP a.o.
- All users are easily enrolled
- Access from anywhere, including PCs and smart devices
- Users can choose between many different authentication methods
Secure and compliant manual password processes
Even with 85% self service you’ll have 15% of calls to your service desk. This is a very vulnerable process, where it’s easy to get a password for a legitimate user’ account.
FastPass Facilitated Password Reset helps you protect the users and the service desk assistants against attacks for passwords. Manual authentication must be a secure and compliant process. With Facilitated Password Reset module you can reduce the risk dramatically and remove the risk from the service desk team.
A few highlights:
- Authentication processes match the users’ risk profile
- Service desk assistants will no longer have privileged passwords
- Multiple authentication tests in the workflow
- Contextual and dynamic data are included
Cloud or in-house operation
FastPass is available as a service from FastPass Cloud with a minimum of technical implementation time. If you prefer an on-site installation FastPass is available as a traditional SW-package too. The solution is identical in the two environments
Service providers (MSP) can operate their own private cloud for their customers. FastPass is selected by many of the worldwide service providers to offer individual password services to their different large customers.
Increase Staff & Help Desk productivity and avoid costly data breaches!
The IDC white paper on Passwords and GDPR states that fines of up to 4% for data breaches under the new law.
The most recent Data Breach Incident Report (DBIR) by Verizon states that 63% of confirmed data breaches involved weak, default, or stolen passwords.
Many passwords reset approaches involve a second person, typically a help desk staffer. What stops such a person from exposing a user’s password to an unauthorized person (accidentally or otherwise)?
FastPass ensures that this second person (help desk staffer) can never expose a user’s password, even though they facilitate the reset.
IDC Technology spotlight: Password Management and GDPR Compliance: Lowering Risk Through State-of-the-Art Assisted Password Reset
Password reset self service and synchronization with FastPass
FastPass covers the important password manager processes for self service of passwords with a compliant and secure process for the facilitated password reset process in the service desk. The results are high productivity and ease-of-use for all types of corporations.
FastPass covers all types of passwords (Windows / SAP/ Oracle / IBM i, etc.). FastPass supports Active Directory and Azure Active Directory users.
Choose FastPass password reset solution
FastPass for Active Directory
FastPass for Active Directory lets you start with an advanced and automatic platform for Windows Active Directory passwords. You can later add functionality as your requirements increase. Reach 90%+ adoption rate with forced enrolment and rich authentication options.
FastPass covers Active Directory, Multi-AD, Multi-forest AD, Azure AD, Hybrid Azure AD.
FastPass for SAP
SAP password reset tool for Self Service or Synchronize:
- Easy to use self-service portal for all instances
- Supports all SAP variations, and an unlimited number of SAP instances
- Functionality as FastPass Enterprise
- Synchronize AD passwords to SAP passwords
FastPass for Oracle
Oracle reset password portal and synch for end-users:
- Easy to use self-service portal for all systems
- Supports all Oracle variations, and an unlimited number of Oracle systems
- Functionality as FastPass Enterprise
- Synchronize AD passwords to SAP passwords
FastPass for IBM
Password synchronization or password reset for IBM i series, IBM Z and RACF:
- Easy to use self-service portal for all systems
- Supports all Oracle variations, and an unlimited number of Oracle systems
- Functionality as FastPass Enterprise
- Synchronize AD passwords to SAP passwords
What is password reset best practices?
Read more about our strong features that can help your organization stay secure
What is self service password reset manager?
- Using password as single or 2-factor authentication?
- Defining password policies
- Creating user-awareness
- End-user self-service of passwords
- The secure facilitated process at the service desk
Large and respected companies have recently announced data breaches. This because of IT-crime in different forms. Boards and executives put the spotlight on IT-management asking: “Can this happen to us?” and “How do you prevent, that it happens to us?!!” According to Gartner IT-security expenditure rose by 16% in 2016. When IT-security gets in focus, so do passwords as the most basic component of IT-security.
We believe this is the reason for the increasing interest in enterprise self service password reset management. In our meetings with senior IT management, we find an interest to get a simple overview and understanding of risks and mitigations related to password challenges. We decided to make a short and hopefully easily read a document on enterprise password management. It is intended for IT-people involved in decisions and processes related to the use of corporate passwords.
Our intention is to have a pragmatic and operational document. It is not a scientific or research-based document for universities! Please forward any suggestions for improvements to us for future versions.
Purpose of passwords
We have used passwords since ancient times. When a citizen in the dark night came back to the city gate he identified himself: “Hi this Joe the Miller”. Now the guards knew Joe the Miller, but should still ask: “Give us the password”. Joe would answer “The moon is blue tonight” and the guards would know that this is the true Joe the Miller and open the gate!
Passwords are used for the same in modern IT-systems: To establish trust to an identity.
We make living persons responsible for the actions made by their user-id in the IT-system. Hence, we must make sure that it only can be the right person who has access to his account. More generic we talk about the authentication process, where a password is one option.
In the ideal world then that would be it! Unfortunately, as the use of passwords exploded to be used by practically everyone, many problems and risks became visible. Professional IT-departments then have to counteract these threats. The actions and decisions necessary to handle and protect passwords to make up Password Management. As this primarily has been an issue for large organizations it is often referred to as Enterprise Password Management, to distinguish it from the personal issues with managing all our new passwords for WEB-services!
Problems with passwords
Users give them away
Even Edward Snowden at the NSA said that people were sharing passwords. Employees are supposed to be trained not to share passwords, but they do anyway. Nick Leeson from Barrings Bank in Singapore got access to colleagues’ accounts and passwords to confirm his transactions himself – no need for others to bother! Password expirations might help to reduce the problem in these situations.
Intruders “steal” them
Intruders might use different tools to steal a password from the user repository or in transmission. With Windows and AD based systems this is not easy at all, but other systems might be more forgiving! Beyond that, the #1 problem is users, despite security awareness training, still, get tricked by email phishing into entering their passwords into hacker sites. Those are mocked up to look like something the user knows and trusts. It is claimed this is how the Democratic Party in the US during the election campaign in 2016 got hacked.
Users forget them
Today we all have lots of passwords to remember and as humans, we will sometimes forget. If your password is complicated too and changes with short intervals, you will forget it! Our rule of thumb for an enterprise with standard password policy is, that there is approximately 1 password call per user per year. This means a cost for the company. Calculating the full cost including user and IT-department analysts estimate to be between 15$ and 100$ per password call.
Third persons (service desks) handle them
When the user has an enterprise password problem they contact the service desk for help (unless a self-service solution is available). The service desk analyst then has tools to create new passwords. This is often a temporary password the user is forced to change immediately, and then the service desk doesn’t know the ‘real’ password. The problem is, however, that the service desk analyst deliberately or by accident gives the password to a ‘wrong’ person, and the user has very little chance of ever knowing it happened.
How we can solve problems?
The question is what to do with the password problems. Instead of getting rid of passwords it might be easier and more realistic to look for mitigation strategies. For each of the password problems we have in this table listed the most effective mitigation strategies:
Authentication
The first step in any password management process should be the definition of security demands for different user groups relative to different applications/systems.
Some user groups may only have access to insensitive data and a simple authentication is fine. Other groups may have access to applications where you can transfer millions of dollars, and you will require very strong authentication to give access. When users are at company premises it might be OK to use single-factor authentication, but when the same users access from the external net you require 2-factor authentication.
The ability to control authentication for different groups in different situations must reflect the features of sign-on for the different systems and applications. Many new authentication methods come forward now including Google and Microsoft Authenticators and some are based on the FIDO model described by the FIDO consortium.
Within the financial limits and security requirements, the decisions can be made to balance cost and risks when authentication choices are made for users and applications. Passwords will most likely continue to be part of the authentication process. In particular as one factor in a multi-factor authentication or a single factor where only insensitive data can be reached.
Password policies
How do we help the users protect their passwords? Password Policies define the corporate requirements for complexity and expiration. Some of the parameters are:
- Length: minimum and maximum
- Complexity of characters
- History (different from earlier versions of the password)
- Forbidden words, can be based on dictionaries of negative passwords
Technology
IT-infrastructure professionals are responsible for the technical protection of passwords. This covers the storage of passwords in user repositories like Active Directories, where encryption and hashing are used making a reversal of passwords practically impossible (This mean for example that “Give me my password back” is impossible because no-one can get the real password!)
Encryption of the password in the transmission is important.
Additionally, we have many different technologies available to prevent that users are attacked by malware or phishing schemes with the purpose to “steal” the user’s password.
Security awareness
Education and continuous awareness program to employees.
- What are the risks for you and your company if we don’t follow the security guidelines?
- What are the company guidelines?
- How can I follow the guidelines?
Processes
The primary process related to passwords is the password reset process for forgotten or locked passwords. The standard manual process is risky and takes time = costs money! The password reset best practices must include self-service of passwords!
Gartner calls the process in the service desk: ‘The Facilitated Password Reset Process’. Many service desks have no management defined process for this service, and many others have a weak process. This obviously means high risks for impersonations from persons who want access from other users’ accounts through a stolen password. Furthermore, monitoring of a manual process is difficult. It also requires that the service desk analysts have privileged passwords further adding to the risk.
IT-based solutions are available
Self service password reset (SSPR)
Users can in a secure way reset and unlock passwords through self-service solutions. SSPR gives end-users faster resolution than waiting for the service desk and is available 24*7. As a result, the service desk will see a reduction in the total number of calls, helping to boost productivity. This is part of password reset best practices.
It is important to be aware of the adoption rate for the solution. Some implementations end-up with as little as 10-40% of users using self-service and the remaining users call the service desk. Even in the best SSPR implementations, you must expect that some users will need the service desk.
Ways to improve adoption or success rate relates to:
- the enrolment process
- accessibility from all types of devices and places (including a locked workstation!)
- a high degree of flexibility in the authentication process.
Facilitated Password Reset (FPR)
Facilitated means that the process involves human assistance. Then risks and deviations follow unless the service desk analysts are supported or even controlled by an IT-solution. To make the facilitated service desk process compliant and secure the analysts must follow management decided steps before a new password is issued. The service desk analysts will be taken through an authorized end-user authentication and then enabling the user to make a new password. The process is commensurate for each user group to balance risk and cost. Most will agree that this is needed to have a password reset best practices.
The big challenge is user authentication. In a completely manual process, the service desk might use a call back to users’ phones. If there is a SSPR system then the user wouldn’t have to call the service desk if he can receive an SMS-code on his phone! Users calling the service desk have multiple authentication problems, or they would have done self-service. Authentication should then, in addition to standard methods as asking questions, have dynamic data related to unique and fresh knowledge about the user. Dynamic and contextual data will be extremely difficult for attackers to obtain.
Furthermore, for very ‘important’ user groups it must be possible to demand personal vouching from other users. This is often referred to as the manager approval model. Basic principles for an FPR solution are:
- Management decided work-flow
- Configurable per user-group
- Multiple authentication options
- Information used for authentication must include dynamic and contextual data
- Manager approval of users must be an option
- Remove privileged passwords from the service desk analysts