Insider Threat! Who? Where? When? How? 'It was unintentional,' a user might say upon his account being compromised. The biggest insider threat: users and their attitude! For the sake of top-of-mind recall, end users may take shortcuts, such as reusing the same security answer when setting their security answers. Setting up security answers is an important phase in password self-service; security answers are an alternate identification criterion that helps end users reset their passwords. One user's laxity could lead to the security cordon falling like a pack of dominoes! Hackers who manage to guess a username will try brute-forcing the security answer, i.e., trying out all possible combinations. Well, do not worry! This grave insider threat of 'unsophisticated security answers' is passé! It will NEVER happen in ADSelfService Plus: the self-password reset tool that secures Active Directory user passwords with numerous security measures.
Feel free to visit our R&D centre, where you can witness the evolution of ADSelfService Plus, a brainchild of ManageEngine, set at a revolutionary pace. In years, our technical powerhouse has over a decade of 'Enterprise Password Management' experience, but it is way ahead in potential, constantly setting industry trends and gaining domain user insight through customer feedback. Stringent product 'trial and error' is undertaken before a new build is announced.
Allow us to show you how you can stop the insider threats that arise from user oversight, so you ensure 'Quality Administrative Password Management' by letting users configure stronger passwords.
Prevent a user from providing the same answer to multiple questions
Why do users replicate their security answers, knowing that an uncomplicated security Q&A under a hacker's scrutiny would weaken otherwise indestructible security forces? One of the many unanswered questions! Check this option under Advanced settings -> Q&A Settings and quadruple the possible permutations when an unauthorized person or bot tries to gain access to the password self-service portal for a web-based password change or reset.
Prevent a user from using any word of a question in his answers
During enrollment, when users set the 'password self service' security Q&A, forgetting the password may seem a far cry! So some might treat enrollment frivolously and thus pave the way for unauthorized user verification. But fear not! By checking an option under advanced settings, you can prevent users from bypassing the compelling security Q&A with easy-to-remember passphrases.
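A minimal sketch of the two enrollment checks described above (no repeated answers, no question words inside an answer), added here as an illustration and not ADSelfService Plus's own code. The function names, the normalization and the four-character word threshold are assumptions.

```python
import re
import unicodedata

# Assumed threshold: only question words of this length or longer are checked,
# otherwise short function words such as "is" or "of" would reject most answers.
MIN_WORD_LEN = 4

def normalize(text):
    """Case-fold, strip accents and drop punctuation so that 'Hawaii',
    ' HAWAII! ' and 'hawaii' compare as the same answer."""
    text = unicodedata.normalize("NFKD", text).casefold()
    text = "".join(c for c in text if not unicodedata.combining(c))
    return " ".join(re.findall(r"[a-z0-9]+", text))

def validate_enrollment(qa_pairs):
    """Return (question, reason) violations for one user's enrollment.
    An empty list means both rules pass."""
    violations = []
    seen = {}  # normalized answer -> first question that used it
    for question, answer in qa_pairs:
        norm = normalize(answer)
        # Rule 1: the same answer must not be given to multiple questions.
        if norm in seen:
            violations.append((question, "duplicate of answer to: " + seen[norm]))
        else:
            seen[norm] = question
        # Rule 2: the answer must not contain any word of its question.
        q_words = {w for w in normalize(question).split() if len(w) >= MIN_WORD_LEN}
        reused = sorted(q_words & set(norm.split()))
        if reused:
            violations.append((question, "reuses question words: " + ", ".join(reused)))
    return violations

# Constructed sample enrollment (not real user data).
SAMPLE = [
    ("What is your favorite holiday spot?", "Hawaii"),
    ("Where did you spend your honeymoon?", " HAWAII! "),
    ("What is the name of your first pet?", "my first pet"),
    ("What was your first car?", "Beam me up Scotty&*Corolla"),
]

if __name__ == "__main__":
    for q, reason in validate_enrollment(SAMPLE):
        print(f"REJECT {q!r}: {reason}")
```

Comparing normalized forms matters: without it, a change of case or trailing punctuation would let a repeated answer pass the duplicate check.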
Security questions One by One
Displaying all the security questions at once during a self-service password reset or account unlock would make the account vulnerable to a definite attack! Depending on your security needs, choose whether to display the questions all at once or one by one, thus countering the vulnerability of user security questions being figured out by hackers.
Administer users' challenge-response actions
What if users end up choosing unsophisticated passphrases, which could be easily guessed? Well, do not worry! It will NEVER happen in ADSelfService Plus, because it has the ability to preclude users from constructing unsophisticated answers!
Besides these settings, you can also educate users on how to build difficult-to-guess security answers. Offer suggestions such as the one given below:
Constructing a sophisticated and hard-to-guess security answer:
<A favorite catchphrase> <connector made out of special characters> <answer to security question>
For example, following this format, the answer to "What is your favorite holiday spot?" would be:
Beam me up Scotty&*Hawaii
(Where "Beam me up Scotty" is the user's favorite catchphrase, "&*" is a connector, and Hawaii is the answer to the question. The favorite catchphrase and connector stay the same for all security answers; only the answer differs. This defeats password guessing, brute-forcing, and dictionary attacks as well.)
Culminating the prior points with more tips, so you ensure users create an uncompromising security Q&A profile for a Simple and secure AD self password reset:
All these force users to configure strong and complex passwords, thus preventing unauthenticated access to ADSelfService Plus.
Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console.
Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus!
Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.
Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more.
Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by requiring Active Directory users to adhere to compliant passwords and displaying password complexity requirements.