The Problem with Security Questions
Whether it’s an IT admin helping an employee gain access to their accounts or an employee attempting to change their password, authentication is required to prove that the person attempting to perform that action is indeed who they say they are. In the past, many teams have felt comfortable relying solely on the use of security questions to carry out that authentication. However, this approach has its shortcomings:
- Someone who knows a great deal about an employee could easily answer these questions
- Answers to the same questions may have been used elsewhere and could already be compromised
How to Strengthen Your Authentication Process
Adding another layer of security would easily remedy these concerns. You are likely already leveraging multifactor authentication (“MFA”) for application access – now you can leverage that same security level for your self-service password management processes. If you feel that your organization is being left vulnerable by the exclusive use of security questions for password self-service – don’t worry. Core Password offers a standard MFA integration, including a new connector for Duo Security so that, after answering a series of security questions, users will be prompted to verify their identity using Duo – typically in the form of a push notification sent to their mobile device.
Core Password is our secure self-service password management solution. It offers multiple access options, robust service desk integration, the ability to enforce consistent password policies for any system, application, or web portal, and the ability to connect with a wide variety of MFA solutions like Duo.
The Duo connector is offered as an add-on to your Core Password subscription. This connector can apply to either the user interface, the help desk interface, or both. Have more questions about how multifactor authentication connectors work and how they can help your organization? Contact us today!
How MFA Works in Core Password
Interested in what that process would look like inside Core Password? Check out the three simple steps below:
1. After answering security questions, users will be prompted to send a Duo push notification to their mobile device. This notification will take the form of a unique one-time passcode or a simple accept or decline message.
2. The user will receive this push notification from the Duo app on their mobile device and select accept or decline – unless they are prompted to enter a unique code instead.
3. The user enters the unique, one-time code. From there, they can reset their password.
Interested in more information about Core Password, including its ability to manage passwords for your cloud-based or on-premises infrastructure and applications, including MFA and voice biometrics authentication? Contact us today!