Blog Home > Authentication Security > Remote Password Reset is Always Possible
remote password reset

Remote Password Reset is Always Possible

| 1 Comment

remote password reset

 

Inspiration can strike at any time. The fickle spark of innovation that serves as the genesis for new ideas, approaches and tactics does not occur on a set schedule. Being able to work and access corporate systems or applications when this metaphorical match is struck can be the difference between an idea catching fire or extinguishing in a puff of smoke.

Access to the company network from home can be addressed by your garden variety VPN, but what happens if the user’s password recently expired and they changed it to something that didn’t sink in yet. If this is outside normal Help Desk hours, how can a remote password reset work? Your IT department might be able to cobble together a web application that allows users to reset a forgotten password, but would you feel comfortable exposing this to the internet at large? That’s the only way it would benefit users outside the corporate network. Would this application allow simple, secure remote password resets for authorized users and not simply serve as a new attack point for malicious hackers to exploit?  If not, how can you make remote password reset possible in a secure, efficient manner?

 

There is no shortage of off the shelf password reset products in the market but the devil is always in the details. Most worthwhile products allow users to identify themselves using challenge answers or an OTP sent to a cell phone.  Does the product use a standard protocol like HTTPS or web services?  Do the product’s engineers recommend making the product available to end users on the internet by placing it behind a reverse proxy to limit the attack surface?  Do they have a mobile app that allows simple, one-time enrollment by capturing a QR code and one-press password reset utilizing secure, industry-standard algorithms like OATH Time-based OTPs for “behind the scenes” authentication?  Best practices and innovations like these are a few of the details that make PortalGuard the best option for securely allowing remote users to reset passwords so they can turn that spark of an idea into your company’s next great differentiator.

Please follow and like us:
0
Gregg Browinski

Author: Gregg Browinski

Gregg, PistolStar’s Chief Technology Officer, oversees PistolStar’s product development and technical support. Prior to joining the company in 2001, he received extensive experience as a developer at IBM Lotus and Iris Associates. Gregg has served as the lead architect and developer for PistolStar’s Password Power suite of authentication solutions. He is responsible for the product’s technical success and the recognition it has received through award nominations.

One Comment

  1. Good post. I learn something new and challenging on sites I stumbleupon on a daily basis.
    It will always be useful to read through articles from other writers and use a little something
    from other sites.

Leave a Reply

Required fields are marked *.


Main menu