Ways to protect the password before the user receives their first password
This article was originally published by LOGON’s partner FastPassCorp.
Nobody wants a user’s password to be in the hands of anyone other than the user herself. We do, however, have situations where the user needs help with the password. A frequent one is a forgotten password, where we need help from the service desk. This can be solved with password self-service.
The handover of the first password, on your first day at work, is however tricky.
Who makes the password? Who gets the password to hand over to the employee? How protected is it? Is there any risk that it can be used before the new person starts? Is it a smooth and efficient process, where the password is always available and very few resources are needed?
You might trust your manager to do it – but do you trust all managers?
Does it work as well for high-security and low-security users? Does it work well for internals as well as external contractors?
The above questions show that it is not only one situation we must consider. Most organizations need to find their individual processes: secure and efficient.
The ideal solution
The ideal solution will enable the employee to create her own password without any password being issued in advance, not even a temporary one. Still, the process must be secure and prevent anyone other than the new user from performing the transaction. As always with security, different security levels might be accepted based on the user’s security sensitivity.
FastPass’ solution
With FastPass you can configure a secure workflow, matching the security requirements for different groups.
A couple of examples show a simple and a more advanced mode:
Light Process:
When we hire a new employee, we get the private email and private phone number.
As part of the initial IT introduction, the new employee is also asked to log in to the FastPass self-service portal.
The user selects “Initial enrollment”. FastPass will automatically send an Invitation-PIN to the user’s mobile phone and e-mail. With this PIN the employee can make his first real password. Nobody else has been involved!
Furthermore, we can ask the user to enter more personal information and connect to MFA tokens for later identity verification by the service desk or for password self-service.
Advanced process:
We have the private email and phone number.
As part of the initial IT introduction, the new employee is also asked to log in to the FastPass portal.
The user selects “Initial enrollment”. FastPass will automatically send an Invitation-PIN to the user’s mobile phone and e-mail. We will however require a personal verification. So FastPass will request the manager to confirm in FastPass that her new employee is truly waiting for a confirmation. In this way, we combine tokens with the trust of human recognition. The manager’s task can be delegated to another trusted colleague.
After the initial verification, the employee can make his first real password. Nobody else has touched the password!
Furthermore, we can ask the user to enter more personal information and connect to MFA tokens for later identity verification.
These are only examples using the FastPass Self-Service Password Reset solution from FastPass V4. You can define and configure many different processes to fit your organization.
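A generic model of the light and advanced processes above, added here as an example; it is not FastPass code and does not use the FastPass API. The class and method names, the 8-digit PIN, the 15-minute lifetime, the five-attempt limit and the `store` callback are all assumptions.

```python
import hashlib, hmac, secrets, time

PIN_TTL = 15 * 60     # assumption: the page states no PIN lifetime
MAX_ATTEMPTS = 5      # assumption: the page states no retry limit

class Enrollment:
    """First-password enrollment for one new hire (hypothetical model)."""

    def __init__(self, user, approvers=(), now=time.time):
        self.user = user
        self.approvers = set(approvers)   # non-empty => advanced process
        self.confirmed_by, self.pin_ok, self.done = None, False, False
        self._now, self._salt, self._digest = now, None, None
        self._expires, self._attempts = 0.0, 0

    def _hash(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def issue_pin(self):
        """Return a fresh PIN for delivery to the private phone and e-mail."""
        pin = f"{secrets.randbelow(10**8):08d}"
        self._salt = secrets.token_bytes(16)
        self._digest = self._hash(pin)    # only the salted hash is kept
        self._expires, self._attempts = self._now() + PIN_TTL, 0
        self.pin_ok = False
        return pin

    def verify_pin(self, candidate):
        expired = self._now() > self._expires
        if self.done or self._digest is None or expired or self._attempts >= MAX_ATTEMPTS:
            return False
        self._attempts += 1               # every guess counts toward lockout
        self.pin_ok = hmac.compare_digest(self._hash(candidate), self._digest)
        return self.pin_ok

    def confirm(self, approver):
        """Manager or delegated colleague vouches for the new hire."""
        if approver in self.approvers and approver != self.user:
            self.confirmed_by = approver
        return self.confirmed_by is not None

    def set_first_password(self, password, store):
        """`store` is a hypothetical callback that writes to the directory."""
        if self.done or not self.pin_ok or self._now() > self._expires:
            raise PermissionError("invitation PIN not verified")
        if self.approvers and self.confirmed_by is None:
            raise PermissionError("manager confirmation missing")
        store(self.user, password)        # the password is never kept here
        self.done, self._digest = True, None   # enrollment is single use
```

Creating the object with an empty `approvers` set gives the light process; passing the manager and any delegates gives the advanced one, where a verified PIN alone is not enough to set the password.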