Password Recovery and password reset app

hey looking for an app that is web based for password recovery and passwords reset.

requirements:

must work with Active Directory
Must be web based
Password recovery - passpharses to recover passwords or reset passwords for end users

any one recommend a application, free is always good, but I have a few $$$ allocated for this.

tia!!

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

nel

at our place we use PRM (password reset manager) - its an add on to the windows login where you click the button and it launches a web page where you have to answers q's about personal info etc to unlock accounts etc. it ties in with AD aswell but i think its a few £££'s!!!!!!!!
dont know how much we paid tho because we are a large enterprise

larkspur

PRM from Quest?

Ricka182

My Company also uses the Quest software....I think zero people have setup their profile, so it's no use. There is an idea floating around, to make users pay for reset passwords. The theory is, these passwords are required, and so is their complexity. The company asks you to remember your password, it's not that difficult. If it is, you can pay for being stupid. I see so many people coming up with the most complicated passwords, when it's doesn't have to be. Uppercase, lowercase, and a number; is it really that hard? If so, pay up stupid.....

Ahriakin

Ricka182 wrote:

My Company also uses the Quest software....I think zero people have setup their profile, so it's no use. There is an idea floating around, to make users pay for reset passwords. The theory is, these passwords are required, and so is their complexity. The company asks you to remember your password, it's not that difficult. If it is, you can pay for being stupid. I see so many people coming up with the most complicated passwords, when it's doesn't have to be. Uppercase, lowercase, and a number; is it really that hard? If so, pay up stupid.....

There are a few problems with that approach and they all stem from the fact that your users will try and circumvent any security policy they do not want to deal with and think they can get away with. First up the extra penalties involved in forgetting the passwords will make it more likely they will simply start writing them down and posting them nearby, to counter this you will have to increase real-world vigilance and also provide a strict penalty for that behavior...if you don't have supervisor buy in you have just made yourselves the enemy in their eyes. It's better to have a sit down with the supervisors, get them all to agree in principal that your security measures are necessary and that they will help to enforce them (most won't actually do so at first). When any user calls for a password reset email the supervisor, keep track of the offenders aswell as their bosses and be prepared to escalate the worst offenders to higher management pointing out that this costs the company money. Then let the p00p roll down hill from there, when their boss gets an earful from a director it's going to be a lot easier to remember the passwords than not.
The users know you can't watch them all the time and you can be pretty much guaranteed they are more afraid of their boss than you or 'your pesky' policies.