Blog Home > Self-Service Password Reset > How Self-service Password Reset Enrollment Works

How Self-service Password Reset Enrollment Works

Self-service password reset is the process that allows users to reset their forgotten password by proving their identity through other means. Challenge answers or OTPs sent to mobile devices are the typical alternative methods of identification.  Enrollment of these methods through PortalGuard is described below.

 

First the user attempts to login to their company’s existing portal as usual. PortalGuard intercepts the login attempt, validates the credentials, then checks if the user has enrolled their alternative methods (as defined in the PortalGuard security policies).  If not, PortalGuard automatically displays the enrollment screen in “sidecar” mode. Depending on how the administrator has configured PortalGuard the end-user may be allowed to skip answering the enrollment questions or supplying their phone or email information temporarily.  If this is the case the end-user will be allowed to continue as normal. If the administrator has configured a forced enrollment the user must perform enrollment before the original login is allowed to continue.

For challenge answers, the administrator is able to set the number of questions that are optional and the number of questions that are mandatory.  The administrator is able to set specifications about the questions answers such as minimum length, case sensitivity, prevention of repetitive answers, and prevention of question words as answers. Challenge answers are cryptographically hashed and stored on a central server to support roaming users and prevent the need to re-enroll on multiple machines.  For phone or email enrollment, the contact info and time of enrollment are also stored centrally.

 

Challenge Questions

 

Once the end-user has completed the enrollment, if the user forgets their password they will be prompted to either answer a subset of their challenge questions, provide an OTP sent to their mobile phone/alternative email address or both. Once they sufficiently prove their identity, they will then be allowed to reset their password which is subject to PortalGuard’s highly configurable password complexity rules.

Please follow and like us:
0
thoey

Author: thoey

Tom, PistolStar’s founder and CEO, has over 25 years of experience as a software engineer and is one of the main architects for the widely successful PistolStar product line. He also works closely with his core team to define the sales, marketing and product strategies that drive PistolStar’s growth and success. Prior to launching PistolStar in 2000, Tom was at Digital Equipment Corporation and Iris Associates, an IBM Lotus subsidiary, developing core functionality found in lower-level operating systems and in Lotus Notes and Domino.

Comments are closed.

Main menu