Facilitated Password Reset process has achieved much attention since we announced it in November of 2017. We have been asked to make a short video to help explain what it is all about. The new video is now available from youtube Facilitated Password Reset Video .
The video illustrates the present status in service desks regarding the authentication process for passwords. Gartner has introduced the term Facilitated Password Reset and we highlight the most important observations. In particular the following is worth noticing:
- The reality is that no matter how foolproof a Self-Service Password Reset (SSPR) solution is, the need for service-desk-assisted password resets will likely always be there.
- A facilitated reset allows a delegate (such as an administrator or service desk operator) to perform a password reset or account unlock on behalf of another user. That said, there are often security holes in the facilitated reset process
The 5 basic principles for Facilitated Password Reset is presented and reviewed:
- Have a management decided process
- Prevent circumventions by staff
- The process must balance risks and costs for different user groups
- Proofing process must use dynamic and contextual data and intelligence in addition to static data and tokens
The length of the video is less than 4 minutes.
You can get more information regarding the general compliance issues related to the password process from compliant and secure password management where you can also read views on compliance in general and GDPR specifically.
A more detailed description related to FastPass Facilitated Password Reset (FPR) is available from Facilitated Password Reset