SecurEnvoy SecurPassword: Password resets made easy
Michael Urgero 07/05/2021 Security
In today’s complicated and technologically diverse world, there are many cybersecurity risks to mitigate. Most are variants of well-known attacks and breaches with a new twist. However, one part of the tech landscape generally goes unnoticed: losing your password or locking yourself out of a system. Everyone has done it at least once, and nothing is more frustrating.
Over the years, countless calls to support desks have cost IT organizations millions of dollars in time spent resetting passwords for users. What’s worse, and frankly more concerning, is the finer art of social engineering, where an imposter calls the support desk posing as you to have your account’s password reset and gain access to valuable company systems. Some go as far as researching high-value targets, gathering detailed information about their life, family and employment before making these calls. World-renowned hacker Kevin Mitnick perfected this art back in the 90’s and successfully breached several US government systems as a result. He even served time for it – yet this technique still works in many cases today, leaving systems vulnerable to the human desire to be helpful.
SecurEnvoy SecurPassword solves this problem. When the user registers their token, often a mobile device, with our system, they are prompted for two secret questions. The answers to these questions are stored with the user object, ready to be used as a method of final identification. These questions can be customized to avoid the age-old mother’s maiden name commonality.
When a user has forgotten their password or locked themselves out, they simply visit the password reset site. Entering their username, 6-digit token and answer to a security question provides sufficient hack-proof validation, which authenticates them to the password-reset system. Once there, they are able to unlock their account and reset their password themselves.
This method is far superior for several reasons. It removes the responsibility from the support desk and places it with the user directly, saving cost. It is also the only method where changing one’s password can be completed with an authentication process to assure that the person changing the password is, in fact, you.
If you would like to see this in action, or get more information about our security solutions, please contact us.