Corporate password processes:
Reduce costs and increase security
Self service of passwords and secure workflow for passwords
Publicly listed on Nasdaq/Copenhagen stock exchange (Ticker: FASTPC)
Almost 2 million end-users signed-up since 2010
Profitable growing revenue for many years. Worldwide coverage
You can trust FastPassCorp:
Used by leading worldwide managed service providers to deliver secure self service password processes for their customers.
Being used by private and public organizations from 1000 users to +100,000 end-users.
Customer support is personal, fast and closely related to our customers.
Sold through local partners and distributors.
Experienced management team leading the vision for FastPassCorp.
The IT department of London Metropolitan University supports more than 12,000 students and 2000 staff members in the UK.
The FastPass implementation was very quick and it has become the main tool for password management within our community.
We now use the help desk pin for providing passwords to new accounts with a secret, system generated password.
We have seen an 80% reduction in assisted password resets.
FastPass Corporate Overview
A strong vision to make processes for passwords and other credentials secure and simple for end-users and service desks.
Security is by design and FastPass Enterprise and Cloud are regularly being externally penetration tested.
Partner with Microsoft, HP, Amazon and many other technology producers.
Password Obituary: But is the Humble Password Really Dead?
The humble password must have read its own obituary many times in recent years given the number of “Passwords are dead” articles that have been published. But is it really dead?
In a recent article posted by SecurityWeek, it was stated that the number of passwords will grow to 300 billion by 2020. This seems to contradict the reports of the demise of the password. So as the number of passwords seemingly continues to increase, why don’t we recognize this and do our best to help the password survive into the future as a strong companion for guarding the doors to our online presence?
Reach 90% password self-service success with user focus
The implementation of self service password reset solutions might look like a simple task, but many organizations have been unsuccessful in implementing them. For many of the unsuccessful implementations, the attitude has been: “We just need to give the user a button and they will serve themselves!” However, the results are clear:
This is not enough!
A successful password self service solution requires a good software solution, and perhaps more importantly, a good process. To help guide you, we have defined password reset process best practices:
5 steps to password self service success
Want more information about FastPass products, pricing or anything else?
We are here to help you!
Why implement FastPass Self Service Password Reset Tool?
Reduces the workload for the service desk
According to the SDI market research report, 25% of the calls that service desks handle are password related. A FastPass self-service solution with a high adoption rate will reduce workload and complexity on the service desk, freeing resources for use elsewhere.
Improves the service to end-users
Self Service Password Reset is liked but often poorly implemented. With FastPass, companies reach up to 85% password self service success through the 5 Step Implementation process: motivation, invitation, access, authentication, and assistance.
Improves security and reduces the risk of data breaches
FastPass has been developed to be a highly secure system, protecting companies’ and users’ data from unwanted and illegal breaches. The purpose of our security activities and our external monitoring of our results is to give our customers full confidence in the use of FastPass for passwords.
Be successful with password self-service
FastPass password self-service helps you get more than 85% of end-users’ password problems solved by end-users themselves. The combination of FastPass functionality and our best practices guide will make you successful with password self-service. You can get the service from the cloud or install on-premise.
A few highlights to understand how you can achieve 85% end-user success:
- All corporate passwords are included: Windows, SAP, Oracle, IBM, LDAP, among others
- All users are easily enrolled
- Access from anywhere, including PCs and smart devices
- Users can choose between many different authentication methods
Secure and compliant manual password processes
Even with 85% self service you’ll have 15% of calls to your service desk. This is a very vulnerable process, where it’s easy to get a password for a legitimate user’s account.
FastPass Facilitated Password Reset helps you protect the users and the service desk assistants against attacks for passwords. Manual authentication must be a secure and compliant process. With Facilitated Password Reset module you can reduce the risk dramatically and remove the risk from the service desk team.
A few highlights:
- Authentication processes match the users’ risk profile
- Service desk assistants will no longer have privileged passwords
- Multiple authentication tests in the workflow
- Contextual and dynamic data are included
Cloud or in-house operation
FastPass is available as a service from FastPass Cloud with a minimum of technical implementation time. If you prefer an on-site installation, FastPass is available as a traditional SW-package too. The solution is identical in the two environments.
Service providers (MSP) can operate their own private cloud for their customers. FastPass is selected by many of the worldwide service providers to offer individual password services to their different large customers.
Increase Staff & Help Desk productivity and avoid costly data breaches!
The IDC white paper on Passwords and GDPR states that fines of up to 4% can be imposed for data breaches under the new law.
The most recent Data Breach Incident Report (DBIR) by Verizon states that 63% of confirmed data breaches involved weak, default, or stolen passwords.
Many password reset approaches involve a second person, typically a help desk staffer. What stops such a person from exposing a user’s password to an unauthorized person (accidentally or otherwise)?
FastPass ensures that this second person (help desk staffer) can never expose a user’s password, even though they facilitate the reset.
IDC Technology spotlight: Password Management and GDPR Compliance: Lowering Risk Through State-of-the-Art Assisted Password Reset
Password reset self service and synchronization with FastPass
FastPass covers the important password manager processes for self service of passwords with a compliant and secure process for the facilitated password reset process in the service desk. The results are high productivity and ease-of-use for all types of corporations.
FastPass covers all types of passwords (Windows / SAP/ Oracle / IBM i, etc.). FastPass supports Active Directory and Azure Active Directory users.
Choose FastPass password reset solution.
What are password reset best practices?
See how easy it is for Jim to reset his password!
Read more about our strong features that can help your organization stay secure
What is self service password reset manager?
- Using password as single or 2-factor authentication?
- Defining password policies
- Creating user-awareness
- End-user self-service of passwords
- The secure facilitated process at the service desk
Large and respected companies have recently announced data breaches. This is because of IT crime in different forms. Boards and executives put the spotlight on IT management, asking: “Can this happen to us?” and “How do you prevent, that it happens to us?!!” According to Gartner, IT-security expenditure rose by 16% in 2016. When IT security gets in focus, so do passwords as the most basic component of IT security.
We believe this is the reason for the increasing interest in enterprise self service password reset management. In our meetings with senior IT management, we find an interest in getting a simple overview and understanding of the risks and mitigations related to password challenges. We decided to make a short and hopefully easily read document on enterprise password management. It is intended for IT people involved in decisions and processes related to the use of corporate passwords.
Our intention is to have a pragmatic and operational document. It is not a scientific or research-based document for universities! Please forward any suggestions for improvements to us for future versions.
Purpose of passwords
We have used passwords since ancient times. When a citizen came back to the city gate in the dark night, he identified himself: “Hi, this is Joe the Miller”. Now the guards knew Joe the Miller, but should still ask: “Give us the password”. Joe would answer “The moon is blue tonight” and the guards would know that this is the true Joe the Miller and open the gate!
Passwords serve the same purpose in modern IT systems: to establish trust in an identity.
We make living persons responsible for the actions made by their user-id in the IT system. Hence, we must make sure that only the right person can have access to his account. More generally, we talk about the authentication process, where a password is one option.
In the ideal world, that would be it! Unfortunately, as the use of passwords exploded to cover practically everyone, many problems and risks became visible. Professional IT departments then have to counteract these threats. The actions and decisions necessary to handle and protect passwords make up Password Management. As this has primarily been an issue for large organizations, it is often referred to as Enterprise Password Management, to distinguish it from the personal issues with managing all our new passwords for web services!
Users give them away
Even Edward Snowden at the NSA said that people were sharing passwords. Employees are supposed to be trained not to share passwords, but they do anyway. Nick Leeson from Barings Bank in Singapore got access to colleagues’ accounts and passwords to confirm his transactions himself – no need for others to bother! Password expirations might help to reduce the problem in these situations.
Intruders “steal” them
Intruders might use different tools to steal a password from the user repository or in transmission. With Windows and AD based systems this is not easy at all, but other systems might be more forgiving! Beyond that, the #1 problem is that users, despite security awareness training, still get tricked by email phishing into entering their passwords into hacker sites. Those are mocked up to look like something the user knows and trusts. It is claimed this is how the Democratic Party in the US got hacked during the election campaign in 2016.
Users forget them
Today we all have lots of passwords to remember and, as humans, we will sometimes forget. If your password is also complicated and changes at short intervals, you will forget it! Our rule of thumb for an enterprise with a standard password policy is that there is approximately 1 password call per user per year. This means a cost for the company. Analysts estimate the full cost, including user and IT-department costs, to be between $15 and $100 per password call.
Third persons (service desks) handle them
When the user has an enterprise password problem they contact the service desk for help (unless a self-service solution is available). The service desk analyst then has tools to create new passwords. This is often a temporary password the user is forced to change immediately, and then the service desk doesn’t know the ‘real’ password. The problem is, however, that the service desk analyst deliberately or by accident gives the password to a ‘wrong’ person, and the user has very little chance of ever knowing it happened.
How can we solve the problems?
The question is what to do with the password problems. Instead of getting rid of passwords it might be easier and more realistic to look for mitigation strategies. For each of the password problems we have in this table listed the most effective mitigation strategies:
The first step in any password management process should be the definition of security demands for different user groups relative to different applications/systems.
Some user groups may only have access to insensitive data and a simple authentication is fine. Other groups may have access to applications where you can transfer millions of dollars, and you will require very strong authentication to give access. When users are at company premises it might be OK to use single-factor authentication, but when the same users access from the external net you require 2-factor authentication.
The ability to control authentication for different groups in different situations must reflect the features of sign-on for the different systems and applications. Many new authentication methods come forward now including Google and Microsoft Authenticators and some are based on the FIDO model described by the FIDO consortium.
Within the financial limits and security requirements, decisions can be made to balance cost and risk when authentication choices are made for users and applications. Passwords will most likely continue to be part of the authentication process, in particular as one factor in multi-factor authentication or as a single factor where only insensitive data can be reached.
Education and a continuous awareness program for employees:
- What are the risks for you and your company if we don’t follow the security guidelines?
- What are the company guidelines?
- How can I follow the guidelines?
How do we help the users protect their passwords? Password Policies define the corporate requirements for complexity and expiration. Some of the parameters are:
- Length: minimum and maximum
- Complexity of characters
- History (different from earlier versions of the password)
- Forbidden words, can be based on dictionaries of negative passwords
IT-infrastructure professionals are responsible for the technical protection of passwords. This covers the storage of passwords in user repositories like Active Directory, where encryption and hashing are used, making a reversal of passwords practically impossible. (This means, for example, that “Give me my password back” is impossible because no-one can get the real password!)
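The policy parameters listed above can be enforced even though the repository stores only hashes. The following is an added example, not FastPass code: the class name, default values, forbidden words and the PBKDF2 work factor are assumptions chosen for illustration, and the sample passwords are constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way salted hash: the repository never holds the clear text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class PasswordPolicy:
    min_length: int = 12
    max_length: int = 64
    min_classes: int = 3      # of: lower case, upper case, digit, other
    history_depth: int = 5    # previous passwords that may not be reused
    forbidden_words: frozenset = frozenset({"password", "welcome", "company"})

    def violations(self, candidate: str, history: list) -> list:
        """Return the rules the candidate breaks (empty list = accepted).

        history holds (salt, digest) pairs, newest first.
        """
        found = []
        if not self.min_length <= len(candidate) <= self.max_length:
            found.append("length")
        classes = [
            any(c.islower() for c in candidate),
            any(c.isupper() for c in candidate),
            any(c.isdigit() for c in candidate),
            any(not c.isalnum() for c in candidate),
        ]
        if sum(classes) < self.min_classes:
            found.append("complexity")
        lowered = candidate.lower()
        if any(word in lowered for word in self.forbidden_words):
            found.append("forbidden_word")
        # History check: re-hash the candidate under each stored salt and
        # compare digests in constant time. No old password is recovered.
        for salt, digest in history[: self.history_depth]:
            if hmac.compare_digest(hash_password(candidate, salt), digest):
                found.append("history")
                break
        return found


def make_history(passwords: list) -> list:
    """Build constructed (salt, digest) records as a repository would store them."""
    records = []
    for pw in passwords:
        salt = os.urandom(16)
        records.append((salt, hash_password(pw, salt)))
    return records
```

Because the history check works by re-hashing the new candidate, it detects exact reuse only; it cannot tell that a new password is merely similar to an old one.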
Encryption of the password in the transmission is important.
Additionally, we have many different technologies available to prevent users from being attacked by malware or phishing schemes designed to “steal” the user’s password.
The primary process related to passwords is the password reset process for forgotten or locked passwords. The standard manual process is risky and takes time = costs money! The password reset best practices must include self-service of passwords!
Gartner calls the process in the service desk ‘The Facilitated Password Reset Process’. Many service desks have no management-defined process for this service, and many others have a weak process. This obviously means a high risk of impersonation by persons who want access to other users’ accounts through a stolen password. Furthermore, monitoring of a manual process is difficult. It also requires that the service desk analysts have privileged passwords, further adding to the risk.
IT-based solutions are available:
Self service password reset (SSPR)
Users can in a secure way reset and unlock passwords through self-service solutions. SSPR gives end-users faster resolution than waiting for the service desk and is available 24*7. As a result, the service desk will see a reduction in the total number of calls, helping to boost productivity. This is part of password reset best practices.
It is important to be aware of the adoption rate for the solution. Some implementations end up with as little as 10-40% of users using self-service, and the remaining users call the service desk. Even in the best SSPR implementations, you must expect that some users will need the service desk.
Ways to improve the adoption or success rate relate to:
- the enrolment process
- accessibility from all types of devices and places (including a locked workstation!)
- a high degree of flexibility in the authentication process.
Facilitated Password Reset (FPR)
Facilitated means that the process involves human assistance. Risks and deviations then follow unless the service desk analysts are supported or even controlled by an IT-solution. To make the facilitated service desk process compliant and secure, the analysts must follow management-decided steps before a new password is issued. The service desk analysts are taken through an authorized end-user authentication, after which the user is enabled to make a new password. The process is commensurate with each user group to balance risk and cost. Most will agree that this is needed for password reset best practices.
The big challenge is user authentication. In a completely manual process, the service desk might use a call back to users’ phones. If there is an SSPR system, then the user wouldn’t have to call the service desk if he can receive an SMS-code on his phone! Users calling the service desk have multiple authentication problems, or they would have done self-service. Authentication should then, in addition to standard methods such as asking questions, include dynamic data related to unique and fresh knowledge about the user. Dynamic and contextual data will be extremely difficult for attackers to obtain.
Furthermore, for very ‘important’ user groups it must be possible to demand personal vouching from other users. This is often referred to as the manager approval model. Basic principles for an FPR solution are:
- Management decided work-flow
- Configurable per user-group
- Multiple authentication options
- Information used for authentication must include dynamic and contextual data
- Manager approval of users must be an option
- Remove privileged passwords from the service desk analysts
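The first five principles above can be expressed as a per-group rule set that the system, not the analyst, evaluates. The following is an added example, not FastPass code: the group names, method names and thresholds are hypothetical, and the configuration is constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical method names. "Dynamic" marks tests based on fresh, contextual
# knowledge about the user rather than static facts.
DYNAMIC_METHODS = {"recent_login_location", "last_ticket_subject"}


@dataclass(frozen=True)
class GroupWorkflow:
    """Management-decided reset workflow for one user group."""
    allowed_methods: frozenset
    min_passed_tests: int
    require_dynamic: bool
    require_manager_approval: bool


# Constructed sample configuration: stricter steps for the higher-risk group.
WORKFLOWS = {
    "standard": GroupWorkflow(
        frozenset({"sms_code", "security_question", "recent_login_location"}),
        min_passed_tests=2, require_dynamic=False, require_manager_approval=False),
    "finance": GroupWorkflow(
        frozenset({"sms_code", "recent_login_location", "last_ticket_subject"}),
        min_passed_tests=2, require_dynamic=True, require_manager_approval=True),
}


def evaluate_reset(group: str, passed_tests: set, manager_approved: bool) -> tuple:
    """Decide whether the analyst may trigger a reset for this caller.

    Returns (allowed, reasons). The analyst only records which tests the
    caller passed; the decision is made here, not by the analyst.
    """
    workflow = WORKFLOWS.get(group)
    if workflow is None:
        return False, ["unknown_group"]  # fail closed
    reasons = []
    # Tests outside the group's approved list do not count.
    counted = passed_tests & workflow.allowed_methods
    if len(counted) < workflow.min_passed_tests:
        reasons.append("too_few_tests")
    if workflow.require_dynamic and not counted & DYNAMIC_METHODS:
        reasons.append("no_dynamic_test")
    if workflow.require_manager_approval and not manager_approved:
        reasons.append("manager_approval_missing")
    return not reasons, reasons
```

When the result is allowed, the sixth principle applies: the user sets the new password, so the analyst needs no privileged password and never sees the result.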
FastPassCorp A/S, USA
FastPassCorp A/S, Gladsaxevej 376, st.th; 2860, Søborg, Gladsaxe, Denmark
© FastPassCorp A/S. All Rights Reserved.