Passlogix v-GO Self-Service Password Reset

Passlogix v-GO Self-Service Password Reset eliminates help-desk calls and costs associated with password reset. Up to 30 percent of all helpdesk calls are password-reset requests, on average taking 20 minutes to resolve and costing more than $20 per call says market research firm, Gartner Group.

Passlogix v-GO Self-Service Password Reset exclusive In-The-Flow technology provides unparalleled usability, enabling users to enroll, reset passwords, and unlock accounts on their own in seconds.

Because helpdesk calls are costly and current password reset processes unproductive, an increasing number of organizations have evaluated self-help tools. However, many tools are inconvenient to use because they cannot be accessed from the computer on which the user is currently locked out.

Passlogix v-GO Self-Service Password Reset's In-The-Flow technology seamlessly and securely includes the enrollment and password-reset process into the Windows logon, providing users with a simple enrollment, reset, and unlock process where and when they need it. This easy to use process dramatically increases user adoption of the password reset tool, resulting in less time spent on resetting passwords and unlocking accounts.

v-GO SSPR uses a question-and-answer process to initiate a reset. When your employees enroll, they have to answer a set of questions that are meaningful and specific to them. When they need to reset their password, they will be presented a Reset Quiz, where they have to supply their answers again. v-GO SSPR's Confidence Based Verification resolves one of the major problems with the typical ”one strike and you are out“ approach to Self Service Reset– lots of false negatives from users who forgot an answer or typed incorrectly. With v-GO SSPR, users can recover from a minor mistake and still reset their password. For administrators, this means the security of sound password policy without unnecessary helpdesk calls.

The administrator presets a Confidence Score... if the user answers a sufficient number of questions correctly and reaches this score, the system allows a password reset. Failure to reach this score results in a password reset denial. Some questions are more secure than others, depending on how difficult it is for a third party to obtain the right answer. For example, someone's date-of-birth is easier to find out than the first name of someone's first love. v-GO SSPR allows the administrator to give different point scores to right answers, depending on this difficulty. However, when someone gives the wrong answer to an easy question, that could raise a significant red flag. While the correct answer to the user's middle name would yield a small positive score, the wrong answer should yield a large negative score, making it difficult, if not impossible, to reach the Confidence Score.

Putting v-GO SSPR to work is a simple process consisting of setup by the administrator followed by user enrollment. v-GO SSPR uses an intuitive Management Console to configure the Enrollment Interview and Reset Quiz. The administrator inputs question text, scoring values, and the Confidence Score limit that complies with the organization's security policies. Administrators may add or modify questions as needed to maintain appropriate security levels, and the Console keeps an audit of enrollment/reset activity and status. During a one-time Enrollment Interview the user answers the questions that will randomly appear during the Reset Quiz.

Many companies are evaluating or implementing strong authentication technologies, such as smart cards or biometrics. When deployed with v-GO SSO, those technologies secure access to all network applications and resources, including logon to Windows. But when the authenticator is not available, for example because the user misplaced the smart card, the fallback is usually the Windows password for log on. As users probably cannot remember that password, v-GO SSPR enables them to pick a new Windows password and be on their way in less than a minute. With v-GO SSO and v-GO SSPR, companies pave the way for a seamless and efficient deployment of strong authentication.

v-GO SSPR delivers a secure, and easy-to-use, easy-to-administer, self-service password-reset solution for the Windows environment. It encourages enrollment and adoption by providing a convenient means for the user to access the reset process without assistance.

• Simple, configurable Web-based question-and-answer process
• In-the-flow, automatic initiation at the Windows system logon that provides easy access, encourages enrollment and, as an option, enforces enrollment

• Addresses “the last password” in a v-GO SSO deployment and “the first password” in the user's day
• Simple Web-based access for end users and administrators
• In-the-flow user access when Windows access is denied at system startup. Provides easy recovery at the most logical point, such as when the user tries to log on, increasing likelihood of usage

• Configurable question-and-answer process
  • Administrative control over questions
  • Support for role/group-specific challenge questions
  • Ability to control response expectations, such as format (mmddyyyy, #-#-##), answer length, and case sensitivity
• Unique scoring model provides high security while reducing false negatives
  • Highly secure, flexible, more closely representative of real-world helpdesk-based identity verification
  • Recognition that some questions are more secure than others and that not all errors and memory lapses should default to helpdesk calls
  • Confidence based on the users answering a sufficient number of the right questions correctly to reach a verification threshold: The Confidence Score
  • Answers can be validated against one or more external data sources

• Windows (or AD) domain password via Internet Explorer browser
• In-the-flow support on Windows 2000, Windows XP, Windows Server 2003, and Microsoft Vista Business Edition
• Supports remote authentication, such as for Terminal Services, Citrix MetaFrame® software, and Citrix MetaFrame Password Manager, with the standard Microsoft Windows GINA

• Simple, Web-based interface and MMC plug-in support for all domains in your environment
• Configurable user interface
• Configurable backend repository for storing questions and encrypted enrollment answers (Microsoft Active Directory, Microsoft ADAM, Microsoft SQL 2000, Oracle Database v10g or later)
• Scoring model-based control that reduces false negatives while maintaining security
• External Validation API
• Reports for Active Users, Enrolled Users, User Enrollment Status, Enrollment Score, Password Resets (completed, cancelled, or failed with score), log of IP address where all resets or attempts occurred
• Detailed technical documentation to assist administrator to set up and manage user authentication securely

• Utilizes Windows Installer technology
• Deploys using most deployment tools, such as SMS, Tivoli, Zenworks, and Novadigm

• User's answers are stored by the v-GO SSPR server as a salted SHA-I hash
• User's answers are never stored in the clear and never on the user's client
• SSL guarantees protection of all communication
• Fault tolerance is based on Microsoft Internet Information Server and Active Directory settings