Secure Password Reset 'made easy' with SecurEnvoy SecurPassword

Michael Urgero, Senior Security Engineer, SecurEnvoy, offers his insights on solving the problem of lost passwords for users and the support team

In the complicated and technologically diverse world we live in today, there are many cybersecurity risks to mitigate. Most are variants of well-known attacks and breaches with a new twist. However, there is one part of the tech landscape that goes generally unnoticed: losing your password or locking yourself out of a system. Everyone has done it at least once and nothing is more frustrating.

Over the years, countless calls to support desks to reset users' passwords have cost IT organisations millions of dollars in time. What's worse, and frankly more concerning, is the finer art of social engineering, where an imposter calls the support desk, posing as you, to have your account's password reset and gain access to valuable company systems.

HIGH-VALUE TARGETS
Some go as far as researching high-value targets, gathering detailed information about their life, family and employment before making these calls. World-renowned hacker Kevin Mitnick perfected this art back in the 90s and succeeded in breaching several US government systems as a result. He even served time for it, yet this technique still works in many cases today, leaving systems vulnerable to the human desire to be helpful.

SecurEnvoy SecurPassword solves this problem. When the user registers their token with our system, often a mobile device, they are prompted for two secret questions. The answers to these questions are stored with the user object, ready to be used as a method of final identification. These questions can be customised to avoid the age-old mother's maiden name commonality.

When a user has forgotten their password or locked themselves out, they simply visit the password reset site. Entering their username, 6-digit token and the answer to a security question provides sufficient hack-proof validation, which authenticates them to the password-reset system. Once there, they are able to unlock their account and reset their password themselves.
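The reset check described above (username, 6-digit token and security answer together), as an added example that is not SecurEnvoy's code. It assumes the token is an RFC 6238 TOTP, that answers are stored as salted PBKDF2 hashes, and a five-failure lockout; `enroll`, `verify_reset` and `MAX_FAILURES` are hypothetical names.

```python
import hashlib, hmac, os, struct, time

MAX_FAILURES = 5  # assumed lockout threshold, not a product setting

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1); assumed stand-in for the 6-digit token."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hash_answer(answer: str, salt: bytes) -> bytes:
    # Normalise case and whitespace, then keep only a salted, slow hash.
    norm = " ".join(answer.lower().split()).encode()
    return hashlib.pbkdf2_hmac("sha256", norm, salt, 100_000)

def enroll(secret: bytes, answers: dict) -> dict:
    salt = os.urandom(16)
    return {"secret": secret, "salt": salt, "failures": 0,
            "answers": {q: hash_answer(a, salt) for q, a in answers.items()}}

def verify_reset(users, username, token, question, answer, now=None) -> bool:
    now = time.time() if now is None else now
    user = users.get(username)
    if user is None or user["failures"] >= MAX_FAILURES:
        return False
    # Accept the current and previous 30-second step to tolerate clock drift.
    token_ok = any(
        hmac.compare_digest(totp(user["secret"], now - d).encode(), token.encode())
        for d in (0, 30))
    stored = user["answers"].get(question, b"")
    answer_ok = hmac.compare_digest(hash_answer(answer, user["salt"]), stored)
    # Both factors must pass; the caller never learns which one failed.
    if token_ok and answer_ok:
        user["failures"] = 0
        return True
    user["failures"] += 1
    return False
```

Every failed attempt counts toward the lockout regardless of which factor was wrong, so neither the token nor the answer can be guessed independently of the other.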

FAR SUPERIOR APPROACH
This method is far superior for several reasons. It removes the responsibility from the support desk and places it with the user directly, saving cost. It is also the only method in which a password change is completed with an authentication process that assures that the person changing the password is, in fact, you.
