+1-202-802-9399 (US)

Thycotic’s Cyber Security Publication

What’s New in Password Reset Server 4.0?

November 18th, 2014

Password Reset Server Self-service Password Reset Software

Password Reset Server 4.0 is out, and it has new features to make your installation simple and easy to use. What will be your favorite new feature?

HTTP Strict Transport Security, when turned on, means that Password Reset Server can only be accessed using HTTPS. It is important to access sites that send or receive sensitive data (such as login credentials) with HTTPS to prevent man-in-the-middle attacks, but sometimes users unknowingly browse to the HTTP version of a site instead and forfeit the security provided by HTTPS. HSTS addresses this issue by blocking communications through the unsafe protocol HTTP and only allowing users to access the application or website via HTTPS.

.NET 4.5.1
Password Reset Server now runs on Microsoft’s .NET 4.5.1 framework, meaning you will need to upgrade your application pool to use version 4.0 of the .NET CLR. Instructions for how to do this can be found here.

Office 365 Password Synchronization
Users with a Microsoft Office 365 account can now synchronize their password with Password Reset Server and perform password resets for Microsoft 365 accounts.

Help Desk
A brand new feature that admins can now configure is the Help Desk, which gives designated users (usually help desk staff, but it could be anyone) the ability to reset users’ passwords and clear stored answers to their security questions. Each security policy has different Help Desk members, which are assigned by the admin. This allows admins to establish a group of people that can assist users who can’t get into their accounts, but ensures those helpers cannot access the sensitive administrative features that a normal admin can access in Password Reset Server.

Help Desk

The two-factor phone and SMS provider Telesign has deprecated their old API and released their new REST API. Password Reset Server will maintain a legacy option for the old API, but can now be configured to use the new REST API.


The following two tabs change content below.

Thycotic Team

We deploy smart, reliable, IT security solutions that empower companies to control and monitor privileged account credentials and identities.

Leave a Reply