Passwords are one of the most insecure security measures in use today. The same passwords top the "most used" lists year after year (a direct consequence of users juggling too many systems and passwords), and when a password is forgotten, a reset via the helpdesk has zero validation of who is actually calling.
To simplify password resets, self-service solutions rely on authentication questions. This is a valid method, but because users must first enroll with the solution (by answering those questions so they can be identified later), adoption within an organization is always a challenge.
It is worth asking, "Why do I need to prove my identity using authentication questions?" We live in a day and age where a cell phone serves as a secondary means of identification via text message, and users already have so many accounts on the internet, so why not simply use one of those?
Mind you, there’s still a ton of value in authentication questions – especially when using password reset solutions that provide granular levels of security to ensure those with elevated privileges need to respond properly to very specific questions. But, for the masses of users, having an ability to reset their password using a linked account makes a lot of sense:
- Enrollment is easy – by simply linking one or more supported external accounts (which usually involves little more than clicking a few links), users are instantly enrolled.
- Plays a role in multi-factor authentication – each linked account acts as another independent way to verify that the user is who they say they are.
- Password resets are simplified – to reset a password, users are usually asked to answer questions they may or may not remember the answers to (keep in mind that many organizations no longer use base questions like "what's your mother's maiden name" and instead use custom questions). Rather than making it difficult, users simply authenticate to an external service, such as Google, to prove themselves. Some solutions use one-time password authentication services from external providers, while others simply require logging into the external service.
- Verification is familiar – because users authenticate with an external service they already use personally, there is little to no learning curve for the reset authentication process.
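The enrollment and reset steps above, as an added illustration that is not the post's own or any vendor's code: external accounts are bound to the local user by the provider's stable subject identifier (not by e-mail address), a reset is granted only when the identity the provider has already verified matches an enrolled link, privileged users are assumed to need two distinct linked accounts, and the resulting reset token is short-lived and single-use. The claim dicts, issuer URLs and subject values are constructed for the example; validating the provider's ID token itself (signature, audience, expiry) is assumed to happen before this code runs.

```python
import secrets
import time

RESET_TOKEN_TTL = 300  # seconds; reset tokens are short-lived and single-use (assumed policy)


class LinkedAccountReset:
    """Hypothetical self-service reset policy backed by linked external accounts."""

    def __init__(self):
        self.links = {}       # username -> set of (issuer, subject) pairs
        self.privileged = set()
        self.pending = {}     # reset token -> (username, expiry timestamp)

    def enroll(self, username, issuer, subject, privileged=False):
        # Bind on the provider's stable subject id, never on e-mail: an address can
        # change hands or be re-registered, a subject identifier does not.
        self.links.setdefault(username, set()).add((issuer, subject))
        if privileged:
            self.privileged.add(username)

    def verify(self, username, verified_claims, now=None):
        """verified_claims: claim dicts from ID tokens the caller has already validated.
        Returns a reset token, or None if the proofs do not satisfy the policy."""
        now = time.time() if now is None else now
        enrolled = self.links.get(username, set())
        # Only claims whose (iss, sub) matches an enrolled link count as proof;
        # an e-mail that happens to match is ignored on purpose.
        proven = {(c.get("iss"), c.get("sub")) for c in verified_claims} & enrolled
        required = 2 if username in self.privileged else 1
        if len(proven) < required:
            return None
        token = secrets.token_urlsafe(32)
        self.pending[token] = (username, now + RESET_TOKEN_TTL)
        return token

    def consume(self, token, username, now=None):
        """Redeem a reset token exactly once; True means the password change may proceed."""
        now = time.time() if now is None else now
        entry = self.pending.pop(token, None)   # pop makes the token single-use
        if entry is None:
            return False
        owner, expiry = entry
        return owner == username and now <= expiry
```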
In many ways, the password is dead; it is an age-old means of identifying someone. For organizations wanting to give users a productive way to reset their password while still maintaining the highest levels of security, a solution that integrates externally linked accounts as a form of verification is a viable option. By using linked accounts, password resets remain inexpensive (compared to a helpdesk-based model), adoption within the organization improves, and the security of accounts remains high.
Jonathan Blackwell
Since 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.