Pricing  Get Quote
 
 

Security & Safety

Password self-service security and safety

Self-service password reset and account unlock empowers users to reset their own passwords and unlock their accounts. While this feature drastically reduces the administrative burden, increases productivity, and saves time for both administrators and users alike, it is important to ensure that it is implemented securely.

ADSelfService Plus not only gives users the power to reset their own passwords and unlock their accounts, but also ensures that it is done securely. Let's take a look at the various password threats and how to employ password self-service securely to prevent them.

Administrative password management against insider threats

While many organizations focus their insider threat defense programs on insiders with malicious intent, research shows that 60% of insider threats are caused by negligence. For example a user might set a simple password such as "qwerty," or "1234" for their own convenience without realizing that weak passwords pose a serious security threat.

In addition, the FBI's Protected Voices initiative recommends the use of passphrases. Here, the emphasis is on length rather than complexity. Users can use a line from their favorite book, song, or film, and then incorporate special characters in it, for example, "Exp3ct0_P@tr0num." That way, the password will be long, easy to remember, and hard to crack by cybercriminals.

You can educate your users about using strong passwords and passphrases, but enforcing your users to actually use them is easier said than done. This is where ADSelfService Plus comes into play. With ADSelfService Plus, you can prevent password reuse, mandate a longer password length, and blocklist common passwords. What's more? ADSelfService Plus integrates seamlessly with the Have I Been Pwned? API service that will alert your users instantly when they attempt to set a password that has been previously leaked. Find more information here.

Tackling threats from outsiders

How do you deal with threat actors who try to reset user passwords?

ADSelfService Plus lets you enable MFA such as YubiKey, biometric, and Google Authenticator, so that users go through two or more authentication factors before they perform password self-service.

In addition, ADSelfService Plus fortifies your security by denying access to users who exceed a threshold of unsuccessful login attempts, using CAPTCHA, SQL injection preventers, and more. Learn more about tackling threats from outsiders.

Other security features

ADSelfService Plus takes password security seriously. It's loaded with features like a session delimiter, password strength analyzer, and more to keep your password security intact. Explore our security features here.

How ADSelfService Plus goes the extra mile to ensure password security

Restrict inactive users in a domain in AD from being exploited

Inactive or stale user accounts are a very desirable attack vector for hackers and insiders with malicious intent. An employee who left the organization could also leverage stale accounts to attack the organization's security. Therefore, it is vital to monitor inactive accounts periodically and restrict their access.

ADSelfService Plus helps you do this in a few simple steps. With ADSelfService Plus, you can generate a list of users who have been inactive for a particular number of days and then select the user accounts you want to restrict.

Enforce password history when an end-user resets their password via the self-service portal

Reusing the same password over a long period of time hampers password security and increases the chances of a successful brute-force attack. ADSelfService Plus ensures users don't reuse the same passwords during self-service password reset. All you need to do is check a box and mention the number of old passwords you want to restrict.

enforce password history

Lock out accounts in AD in case of brute-force attempts

Take proactive measures to prevent password attacks by locking out users who fail identity verification.

lock out account to prevent attack

In addition to fortifying your password security, ADSelfService Plus offers a variety of other features. From tightening security over end-user authentication to facilitating self-service password security, ADSelfService Plus does it all. And, despite providing all these features, ADSelfService Plus' UI is simple and user-friendly.

So what are you waiting for? Get your hands on ADSelfService Plus now!

Secure password self-service with advanced authenticators for identity verification.

Get your free trial  
Highlights

Password self-service

Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console. 

One identity with Single sign-on

Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus! 

Password/Account Expiry Notification

Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.

Password Synchronizer

Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more. 

Password Policy Enforcer

Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.

Directory Self-UpdateCorporate Search

Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.

ADSelfService Plus trusted by