Ver:
Procso que
permite a los usuarios recuperar el acceso a un sistema tras haber perdido su
contraseña, sin recurrir al centro de ayuda de usuarios.
Es habitual
que el usuario proporcione una dirección de correo electrónico a la que le será
enviada una contraseña temporal de desbloqueo. Mediante esta contrasñe
temporal, y durante un periodo de tiempo reducido, el usuario puede acceder y
establecer una nueva contraseña. El acceso al correo electrónico se usa de
prueba de autenticidad del usuario.
Otros
mecanismos más robustos pueden incluir mecanismos más robustos de autenticación
alternativa.
is defined as any
process or technology that allows users who have either forgotten their
password or triggered an intruder lockout to authenticate with an alternate
factor, and repair their own problem, without calling the help desk. It is a
common feature in identity management software and often bundled in the same
software package as a password synchronization capability.
Typically users
who have forgotten their password launch a self-service application from an
extension to their workstation login prompt, using their own or another user's
web browser, or through a telephone call. Users establish their identity,
without using their forgotten or disabled password, by answering a series of
personal questions, using a hardware authentication token, responding to a
password notification e-mail or, less often, by providing a biometric sample.
Users can then either specify a new, unlocked password, or ask that a randomly
generated one be provided.
Self-service
password reset expedites problem resolution for users "after the
fact," and thus reduces help desk call volume. It can also be used to ensure
that password problems are only resolved after adequate user authentication,
eliminating an important weakness of many help desks: social engineering
attacks, where an intruder calls the help desk, pretends to be the intended
victim user, claims that he has forgotten his password, and asks for a new
password.
http://en.wikipedia.org/wiki/Self-service_password_reset
Temas relacionados