Password Recovery and password reset app

larkspurlarkspur Posts: 235Member
hey looking for an app that is web based for password recovery and passwords reset.

requirements:

must work with Active Directory
Must be web based
Password recovery - passpharses to recover passwords or reset passwords for end users


any one recommend a application, free is always good, but I have a few $$$ allocated for this.

tia!!
just trying to keep it all in perspective!

Comments

  • nelnel Posts: 2,859Member ■□□□□□□□□□
    at our place we use PRM (password reset manager) - its an add on to the windows login where you click the button and it launches a web page where you have to answers q's about personal info etc to unlock accounts etc. it ties in with AD aswell but i think its a few £££'s!!!!!!!!
    dont know how much we paid tho because we are a large enterprise
    Xbox Live: Bring It On

    Bsc (hons) Network Computing - 1st Class
    WIP: Msc advanced networking
  • larkspurlarkspur Posts: 235Member
    PRM from Quest?
    just trying to keep it all in perspective!
  • Ricka182Ricka182 Posts: 3,359Member
    My Company also uses the Quest software....I think zero people have setup their profile, so it's no use. There is an idea floating around, to make users pay for reset passwords. The theory is, these passwords are required, and so is their complexity. The company asks you to remember your password, it's not that difficult. If it is, you can pay for being stupid. I see so many people coming up with the most complicated passwords, when it's doesn't have to be. Uppercase, lowercase, and a number; is it really that hard? If so, pay up stupid.....
    i remain, he who remains to be....
  • AhriakinAhriakin SupremeNetworkOverlord Posts: 1,800Member ■■■■■■■■□□
    Ricka182 wrote:
    My Company also uses the Quest software....I think zero people have setup their profile, so it's no use. There is an idea floating around, to make users pay for reset passwords. The theory is, these passwords are required, and so is their complexity. The company asks you to remember your password, it's not that difficult. If it is, you can pay for being stupid. I see so many people coming up with the most complicated passwords, when it's doesn't have to be. Uppercase, lowercase, and a number; is it really that hard? If so, pay up stupid.....

    There are a few problems with that approach and they all stem from the fact that your users will try and circumvent any security policy they do not want to deal with and think they can get away with. First up the extra penalties involved in forgetting the passwords will make it more likely they will simply start writing them down and posting them nearby, to counter this you will have to increase real-world vigilance and also provide a strict penalty for that behavior...if you don't have supervisor buy in you have just made yourselves the enemy in their eyes. It's better to have a sit down with the supervisors, get them all to agree in principal that your security measures are necessary and that they will help to enforce them (most won't actually do so at first). When any user calls for a password reset email the supervisor, keep track of the offenders aswell as their bosses and be prepared to escalate the worst offenders to higher management pointing out that this costs the company money. Then let the p00p roll down hill from there, when their boss gets an earful from a director it's going to be a lot easier to remember the passwords than not.
    The users know you can't watch them all the time and you can be pretty much guaranteed they are more afraid of their boss than you or 'your pesky' policies.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
Sign In or Register to comment.