CXO

Product Spotlight: Desktop Authority Password Self-Service

Derek Schauland introduces the Desktop Authority Password Self-Service app from ScriptLogic that allows users to reset their own passwords.

Keeping track of passwords is increasingly difficult, with PIN numbers, bank passwords, Web site logons, Windows passwords, and more; it's an ever-increasing list to manage. It's also no wonder that the password reset feature gets used so often.

In business, the Windows logon password is the key to many employees' work lives. Occasionally, they are going to forget their password or enter it incorrectly too many times, which may lock them out for a period of time. This is where Desktop Authority Password Self-Service (DAPSS) by ScriptLogic comes in, helping out users and help desk staff in a pinch.

Specifications

DAPSS requires SQL 2000 or 2005 for data storage and reporting and Internet Information Server on the server end.

Supported operating systems:
  • Windows 2000
  • Windows XP
  • Windows Vista
  • Windows 7
  • Windows Server 2003 SP1 or higher

Who's it for?

DAPSS is great for organizations of all sizes where resources are stretched thin or at a premium because of other challenges. The product also licenses for about US$7 per user, less if you are already a Desktop Authority customer, which makes the application very affordable for organizations of any size.

What problem does it solve?

The application puts password control in the hands of the users. Allowing a user to change an expired or forgotten password or unlock a user account by answering some challenge questions eliminates the need for the user to call the help desk. It also makes the password accessible 24 hours per day. This improves the convenience for the users as well.

Standout features

DAPSS is very easy to configure. The user information is imported from Active Directory to speed setup and avoid record duplication. The tool also comes with a help desk component which allows users to get help if they have not yet registered with the service or need help getting the hang of it. Because the help desk does not need to access the user account directly to reset the password or unlock the account, the users needing help will get it much faster.

The user experience within the application is very simple. You can search for a user's account by certain characteristics from the user name to partial first or last name. Challenge questions are configured during the initial setup and used to aid with the account actions going forward.

DAPSS includes a free trial to allow you to test it in your environment with a pilot group or to get it configured and ensure it works as needed before paying for a license.

Figure A

Click to enlarge.

The user experience for registered users of Password Self-Service

Figure B

Click to enlarge.

The Admin console

What's wrong?

Changing the password policies at any organization can be a challenge for IT, but will be a benefit for the users in the long run. It will take some time to change the habit of your users to manage their own passwords rather than calling the help desk.

Because users are allowed to manage their own passwords through a Web interface, some vulnerability is introduced. Social engineering scammers (or just employees who already know a lot about each other) could guess the answers to challenge questions for their fellow users, leaving the door open to unauthorized use of accounts.

The application can set the questions to be configured by the user, and the answers to these questions are specific to the user, but employees should be cautioned to create questions that are "secret" or at least, would be very hard to guess. In production, it would make sense to refresh the challenge questions every year or so, just to keep things more secure.

Competitive products

Bottom line for business

If your help desk staff is overwhelmed by projects or day to day operations, allowing users to maintain their own passwords can be a huge time saver for everyone. Allowing password resets and account unlocking to be handled completely by the user can also removes frustration on the part of the employee because the employee does not need to contact the help desk and wait until they have time to assist.

About

Derek Schauland has been tinkering with Windows systems since 1997. He has supported Windows NT 4, worked phone support for an ISP, and is currently the IT Manager for a manufacturing company in Wisconsin.

Editor's Picks