Security continues to play a critical role in education as K-12 school districts discover new ways of integrating technology into their departments. As some have increased the number of applications and systems the unexpected side-effect is an increased number of accounts, an explosion in password related issues and the threat of identity theft becoming ever more real.

Nervepoint Access Manager can help overcome these challenges by acting as a central point for your users account activities. From password resets to account creation across multiple identity stores Access Manager can help eliminate mounting IT tickets, reduce IT staff pressures, gain control of your users and reduce the threat of account hacking and identity theft.

Nervepoint Access Manager arms you with the ability to:

• Reduce help desk call load by automating the password self service process
• Instill better security by encouraging regular password changes and enforcing new non-repeat and complex passwords
• Reduce the time to enroll students through delegated provisioning workflows so the right people can effortlessly enroll students

• Reduce identity theft and account hacking through the use of multi-factor authentication practices
• Enable better monitoring of users across entire identity stores such as multiple Active Directory domains as well as Linux based systems

Access Manager is focused on three core principles:

• Security – a robust security infrastructure keeps your environment safe and with multi-factor authentication keeps your students safe too
• Simplicity – a clean clutter free environment means your students access exactly what they need without confusion
• Affordability – there are no hidden costs, no addons or additional bundles and with our price promise you always get the most affordable product on the planet.

Nervepoint Access Manager is the perfect solution for educational institutions looking to reduce their help desk load, increase security and keep students safe all on a shoestring budget.

Nervepoint Access Manager is free for 30 days hassle free so why not give it a go and if you’re an academic organization ask about our educational discounts.

Connect with us on LinkedIn, Spiceworks, Facebook, Twitter or Google+.

During the writing of this article it became quite apparent that we needed to split this post into two; not only to reduce the size but more importantly to distinguish two clear separations of concern. This first part covers key tangible features to consider in a final solution such as password resets and authentication, while the second covers more long term items that are more business focused such as product roadmap. So with that preamble let part 1 begin.

The first step is understanding where password self service solutions can help. The common case is in reducing large support volumes. Its not uncommon to find educational institutions or large enterprises losing several weeks a year resolving password-related issues. The average cost of a password reset or account unlock is around $15-$20; if the accumulated time spent is near enough one man-day a month then you could really benefit from a password self service solution.

Another way password self service solutions can be of benefit is being part of your organizations security arsenal. A lot of businesses find that access to the network is well locked down with applications secured behind firewalls and DMZ’s. But one thing they lack is security from the end user’s perspective. Passwords are so commonplace that people can become complacent with their use; repeat, simple, low entropy passwords can result in increased attack vectors. Password self service solutions can help combat identity theft, account hacking, data theft and improve security practices of your end users by introducing strong password policies with the ability for a user to self reset should they forget.

What do you look for when evaluating potential solutions?

Core

It goes without saying that any offering needs to cover the basics: enabling end users to reset their own passwords; unlocking their own accounts and changing passwords. In addition you should be able to see the chance to reduce support load, make end users lives easier and understand how a solution can complement your security infrastructure.

Integration Support

The most common user datastore is Active Directory so any solution needs to provide support for the most common variants, Active Directory for Windows 2003 and Windows 2008. Support for other systems is also something to consider a lot of businesses use Unix-based systems due to their attractive licensing options. Being able to consolidate users across different systems under a single identity under a single console can be quite compelling.

Robust Security

Security needs to be an important factor with the internet rife with reports on identity theft, hacked accounts and stolen data. Typical solutions rely on questions and answers authentication during end user interaction but consideration should be given to other forms of authentication, SMS, OTP etc. Consideration should be given to the depth of authentication factors available and multi-factor authentication.

Reporting

Reporting gives admins and management the data they need to effectively manage the business. At a high-level a business can garner basic information such as number of locked accounts, password change activity but a more in-depth approach can lead to identification of potential security holes such as unused accounts or erratic password behaviour. Having a solution that can provide that insight can be very useful and a great source for proactive security.

Mobility

Remote workers are part and parcel of many businesses these days and on the whole with the advancements in smart phones most products can be accessed on the move but its one thing being able to access a browser frontend on your phone but its an entirely different thing having a solution that caters for mobile users specifically. For example, Nervepoint Access Manager has mobile access that not only provides the defacto set of actions you can find in the web browser version but at the admin level it can be managed completely separately from the web browser version. You can alter the forms of authentication being used by mobile access over the web browser version and even have a unique set of branding options. Remote access adds a new level of risk to user accounts and identities and with so many users accessing the network remotely and the advent of BYOD, its becoming more important that solutions are mobile ready and that they can specifically manage and cater for mobile users rather than just being a scaled version of the web browser.

This post has identified some key features you should consider when evaluating a password self service solution from the core components to support for the mobile workforce. When weighing up any solution these items should be considered in your overall competitor analysis process. Depending on your needs there will also be other features you might need to consider. The next post will highlight some business features you should think about, items that aim to benefit you more long term.

Nervepoint Access Manager is a complete identity password self service solution empowering end users to manage their own accounts, reset forgotten passwords, unlock accounts, update profiles, provision accounts and more. It has an actively evolving product and as ever has no per-feature fees. Plan your budget with confidence, because there will be no surprise fees down the road.

And don’t forget Access Manager is completely free to download for 30 days with no hassle so give it a go and get in contact.

The @AP twitter hack is a recent example of the importance of securing your business accounts/identities and one of the best ways to do this is through multi-factor authentication. The @AP twitter account hack could have been avoided if some form of OTP authentication scheme was in place.

Nervepoint Access Manager secures all user password self service actions behind multiple forms of authentication, any password resets, account unlocks, password changes, profile updates are all secured with not just web based challenges, there is also email, SMS as well as IP based restrictions. This reduces the chances of identity theft attempts considerably.

For general advice on implementing two-factor authentication across your other business services/applicaitons refer to a great article by GFI titled, ‘13 for ’13 Jumpstart: Multifactor Authentication‘

Identity theft is rife, businesses with leaked data or stolen identities are making regular headlines; with so many businesses and applications still reliant on passwords it’s no wonder.

Access Manager helps mitigate some of these worries by addressing identity-related security from an end user perspective with the use of effective and flexible authentication schemes. When a user needs to self service their account password for one or more systems Access Manager can perform stringent checks to validate that the right person has access to the right identity and that the user is accessing the system from the right location. By thoroughly verifying the end user Access Manager reduces the chances of accounts and identities being compromised. A lot of products rely on single factor authentication, personal questions and answer challenges but Access Manager’s multi-factor authentication engine performs additional verification checks on the end user to keep your data and your business safe and it’s all configurable – stack various levels of authentication or keep it simple just for users accessing the system internally – its all up to you.

Lets take a quick look at how Access Manager does this.

The Authentication Builder

Access Manager’s security workhorse is it’s authentication scheme builder an intuitive drag and drop UI. The beauty behind the authentication builder is its ability to hide all complexities associated with managing multiple authentication processes so it’s just as easy to create a single factor authentication scheme as it is a multi-factor scheme.

Password Self Service Authentication Flow Builder

One Size Doesn’t Fit All

With your end users accessing corporate data both within the network and remotely off-site you might want to enhance the verification checks for anyone accessing their self service account remotely. Access Manager authentication scheme builder can uniquely configure authentication schemes based on how end users are accessing their passwords. You can have IP restrictions combined with password authentication configured for those accessing the system through the web-portal and configure much more stringent policies for anyone coming in via a mobile device; passphrase authentication + PIN authentication + personal questions authentication.

Fine-grained Authentication

Access Manager password self service takes things one step further, not only does it allow businesses to configure multi-factor authentication schemes and configure unique schemes across each access point (mobile, desktop, web) but it also allows each password self service action to have a different schemes as well.

You can set one authentication scheme for password reset actions through web-portal access and have another for password reset via desktop access but you can also configure a unique authentication scheme just for account unlock or account creation.

Supporting Your Security Infrastructure

We know how important security is to you, your data is your business and Access Manager has been built with this in mind. Identities are the key to accessing your corporate data which is why Access Manager provides robust and flexible security so your end users can safely self service their account; reset passwords, unlock accounts, update profiles.

Nervepoint Access Manager is a complete identity password self service solution empowering end users to manage their own accounts, reset forgotten passwords, unlock accounts, update profiles, provision accounts and more. It has an actively evolving product and as ever has no per-feature fees. Plan your budget with confidence, because there will be no surprise fees down the road.

And don’t forget Access Manager is completely free to download for 30 days with no hassle so give it a go and get in contact.

In the tradition of worthwhile upgrades, R7 includes a number of key fixes the most important of which is improvements to the authentication flow UI. The UI responsiveness of moving authentication modules in and out of the flow can be very slow so we’ve gone back and improved this making it much quicker. Now UI changes occur instantly. The full list of changes in this maintenance release are shown below.

Noteable Bug Fixes

• Fix: Authentication flow is now more responsive to user actions
• Fix: VM management console is accessible via Internet Explorer (only new installs)
• Fix: HTML enabled email templates save correctly
• Fix: Captcha authentication module can be added before username
• Fix: A number of UI compatibility issues with IE resolved
• Fix: Question authentication scheme now handles more than 18 questions
• Fix: Formatting issues with long question text have been resolved

Updating

To upgrade your current version simply go to the update page and click ‘Check‘ which will inform you of any available updates. Simply hit ‘Upgrade‘ to get the latest release.

Thanks
The Nervepoint Team
Twitter:NervepointTech

As Gunnar says authentication is a mystery, “We try to stitch together some details and guess whether the person on the other end of the http connection matches the record in the user directory” and that we should improve, “the quality of guesses“. It’s great to see that NAM does just that through the use of authentication flows.

Improving guesses is to increase the number of authentication steps an end user needs to go through. Using simple drag and drop you can take any authentication context from the list and move them into the authentication flow and order them to your hearts content. The more steps an end user needs to authenticate the more likely the right user is accessing the system.

The great thing about this that others struggle with is that NAM enables this across all parts of the system. You can configure independent authentication flows for each end-user component: password reset, account unlock, end user’s home page and even the administration portal – but it doesn’t end there. Authentication flows can be managed across all the access points too: the web-portal, the desktop MSI app and even the Nervepoint Access Manager mobile app for remote self service.

However, ‘with great power comes great responsibility‘ increased authentication flows with multi-factor authentication does improve security and improves ‘guess work‘ as Gunnar puts it but it also impacts end-user experience. So this is a balancing act and NAM provides you with all the configuration options necessary to find that balance.

KPN security breach closes self service portal

It struck me that this is what self service password management (SSPM) solutions are surely for! Here are some benefts that SSPM solutions like Nervepoint Access Manager can provide:

• Periodic password renewal – even if your end system does not have password renewal capabilities SSPM solutions can be configured to enforce password changes periodically, with administrators able to define the renewal period according to business requirement/risk/security policy.
• Enforced password complexity – SSPM solutions can enforce complex password rules. Password policies can configure password length, format, use of numbers, symbols etc. Passwords which match or are similar to usernames can be disallowed.
• Multiple access points – the key to user adoption is convenience and something like Nervepoint Access Manager not only provides a web-portal for customers to manage their identity but also through a convnient mobile app which helps encourage end user take up.
• Proactive monitoring – with real time data and a raft of management information and reporting functionality, IT admins can get a birds-eye view of customer password activity; those who have not registered with the system, those that keep forgetting their passwords, those locked out etc.
• System alerts and auditing – alerts and notifications of unusual activity can help prevent bad practice or even identity hacking attempts.

Leaving it to SSPM

Any service that requires password or identity management services can benefit greatly from using dedicated solutions. It means you can focus on serving your core customers while leaving password and identity management to specialists.

With API support and branding customers would not lose any continuity or see any difference.

Traditionally password management has been an IT responsibility. With so much at stake, businesses need to be certain that a user’s identity is securely managed. Regulatory compliance initiatives and good security practices require strong password policies and with users having access to more and more resources there is increased risk from insecure password practices.

A consequence of businesses getting bigger and spreading across the globe is increasing pressure on IT and organizations are increasingly recognizing the need to implement a strong self service password management solution.

However, doing so is not easy – there are a number of challenges that must be simultaneously met.

The Challenges

• Reducing IT costs
• Reducing IT call volume
• Maximize user adoption
• Strong security business-wide
• Business user acceptance
• Simplicity across the business

How We Address the Challenges

Access Manager provides a number of components that tackle these challenges head on:

Multiple Access Points

Access Manager provides not only the defacto web-portal for password management and administration access but complements this with Windows desktop portal as well as a dedicated native mobile app. The range of access options increases user adoption by providing every possible way of managing your password.

Secure Authentication

With a number of authentication methods Nervepoint Access Manager goes above and beyond to ensure the right users manage the right identity

Secure Communication

Access Manager securely accesses Active Directory variants but unlike other vendors also supports Unix systems too. This not only maintains a strong secure access channel but simplifies password management for users with access to multiple resources

Business Reporting to get Management Buy-in

Access Manager not only provides real-time dashboard for administrators to monitor password activity but all system events are monitored too. End users benefit with notifications and business users have the ability to see password management activity

Simplicity Across the Business

With an intuitive web portal that is replicated across both desktop and mobile platforms users can easily manage their identity. Administrators are provided with a comprehensive portal providing a clean user friendly dashboard detailing the most vital information, an array of security options and the ability to integrate Nervepoint Access Manager into the corporate environment through desktop and mobile branding abilities.

Reducing IT Calls and Costs

Reducing costs is one of the most significant factors in business and never more so than in challenging economic conditions such as those being faced by enterprises across the board today.

IT solutions and automation can play a pivotal role in achieving this so with an array of access points, in-depth reporting and range of connectors, Nervepoint Access Manager is designed to cost effectively manage the entire organisation. The greater the number of users, the greater the savings in IT costs meaning faster return on investment and a reduced load on IT.

The iPhone app enables end users to safely and securely reset passwords, unlock their accounts and manage their identity remotely or on the go. The app is available below free of charge to be used with your Enterprise installation of Nervepoint Access Manager.

Not only is Access Manager the most complete and affordable Password Self Service solution on the market it now has a free native iPhone app to make life even easier for your end users.

Enjoy!

Password Self Service native iPhone app

Dependent on Mobility

Mobile devices have given us so much flexibility than ever before, we are no longer tied to the four walls of our office space or to a single geographical location we can do business anywhere in any place. With so many businesses spread across the globe mobility has become vitally important and if you can’t read your emails, view documents, carry out your day to day tasks you are looking at a lot of wasted hours.

It becomes that much more important that identity access solutions, password self service solutions need to cater for mobility. Imagine working off site and needing to access certain documents remotely, we already know that password problems account for the highest number of help desk calls. If you cant access what you need because you have forgotten your credentials or your password needs changing, not only do you lose productivity till IT support get around to you, but if on a customer site, customers lose some confidence in your organisations professional abilities.

Fundamental Component of Business

IT operations are all working around the clock to service its employees, its unfortunate if business users can not utilise these services 24/7 because of password problems.

Passwords are such a fundamental part of any IT system now that it’s a must for any organisation to provide their employees with a means of overcoming password problems without IT intervention.

This is supported by a recent round of interviews we completed, one of the issues that came up was the need for password self service and identity services to be mobile; to provide a way to easily, natively, carry out basic end user actions such as password resets to help keep employees operational with so many now working on the move.

Mobile Self Service app

This feedback became the catalyst for Access Manager mobile the first native iPhone app for end user self service. Business users no matter where they are now have the ability to change their password remotely, reset a forgotten password, unlock accounts, manage their profiles and with the next release administrators will be able to manage their entire systems all remotely through their mobile device.