Is password self-service secure?
The most frequently used verification tests in SSPR solutions are questions/answers and SMS codes. Security experts question the security of both tests. Q/A might be researched and guessed by hackers through social engineering and information from social media. Hackers might redirect SMS traffic for a specific user.
Do SSPR solutions deliver the promised productivity?
Some users forget the answers to their security questions and will then have to call the service desk! This is a productivity cost. (The next question is, if the service desk is secure?)
In FastPass you can add other tests for identity verification, but most of these depend on the availability of a Smart-phone. If the user doesn’t have a Smart-phone or it is not available, then they can’t do self-service!
To solve both issues FastPass now opens for a new very secure test of identity: Manager approval!
The approval of a manager (or another colleague) can now be an option to choose between other tests, or it can be mandatory!
If this option is chosen FastPass will alert the manager and ask the manager to confirm that his employee is waiting for a new password. The manager will then in FastPass confirm and thereby take responsibility for the issuance of the new password. The manager authenticates by using his own password for the transaction. If the manager is not present the call can be forwarded to the service desk or to another manager.
The new verification test is available for self-service of passwords for AD, SAP, Oracle, IBM and all other enterprise password types.
It solves the issue that users can’t do their primary type of test (Q/A, SMS, Smart-phone based) and then can get assistance from their manager, often being placed in the same office environment as the employee.
It also solves the security issue, if the IT-security officer considers the present verification tests to be to weak/soft, and hence wants a very strong test introduced.
Through the configuration of FastPass the manager approval can be configured to be either optional or mandatory, single-factor or part of a multi-factor authentication. The configuration can also specify different groups of users for approval: Managers, colleagues, service-desk or others!
Contact FastPassCorp to discuss your situation and your requirements for productivity and security related to passwords and social engineering!