Phone Number +1-202-802-9399 (US)

ThycoticCentrify is now Delinea!

Thycotic PAM Glossary

Learn about Privileged Access Management and Cyber Security

Self-Service Password Reset (SSPR)


What is Self-Service Password Reset?

Self-Service Password Reset enables users to reset passwords themselves whenever a password has expired or been forgotten.  SSPR solutions have evolved into letting users quickly and easily reset their passwords in a couple of clicks.

Self-Service Password Reset tools should be readily available on a user’s workstation or through a web browser in a portal or a dedicated application. Secure self-service password management requires that resets are automated and configured centrally. To ensure proper authentication of the self-service user, the SSPR tool should offer a range of methods to unlock access, such as answering secret questions, sending OTPs by SMS or email, or using a mobile MFA solution or a unique URL.

How do Self-Service Password Tools work?

Resetting a password with an SSPR tool generally starts with the user accessing a portal that triggers a verification method whereby the end user is asked to put in the username associated with the password that needs to be reset.

Next, reset users need to prove or authenticate they are the owners of the account.  SSPR solutions may require the authentication process to follow a single step, while others may require multiple steps.  As noted above, these should include multi-factor authentication

Once authentication is completed, the user can enter a new password following the organization’s guidelines or policies for selecting a strong password. In solutions that work with Active Directory, the native AD password policy can be overridden to offer more stringent/ configurable passwords. These are applied locally to the password self-service application rather than natively in Active Directory.

Once the new password has been accepted, synchronization should be enabled to propagate the new password across all linked systems. At the same time, the end user should be notified of the password change. This final step is essential so that an unauthorized password change will be flagged to the end user, who can then notify IT that a password change has been initiated without being requested by the user.

SSPR notifications can also provide an alert informing users when their passwords are getting close to expiration.  This allows end users to change their passwords rather than password reset and help encourage users to change passwords to improve their security hygiene frequently.

Self-Service Password Reset user authentication

To safeguard and expedite the authentication process, the Self-Service Password Reset user should have previously entered information so that the SSPR solution can verify that the user requesting a password reset or account unlock the right user.

Answers to questions in the authentication process are compared against the stored set of information in the user’s profile.  This could also include the end user’s device information, such as a mobile phone number used in multi-factor authentication.

Notifications can also alert each user when their password is near expiration, allowing an end user to self-service change password rather than password reset. This adds a level of security by encouraging users to change passwords across their main or linked accounts frequently.

What are the benefits of Self-Service Password Reset?

  • One of the primary benefits of SSPR is reducing the workload of your organization’s help desk. Automating the password reset process can save hundreds or even thousands of hours of IT staff time every year.
  • Allowing your users to reset their passwords, especially those working remotely, keep them happier and more productive. Research indicates that the average employee loses $420 per year struggling with passwords, with nearly a third of users resetting passwords more than 50 times per year.
  • You improve security and reduce the risk of a breach by enforcing secure end user password controls based on your compliance and policy requirements. Self-service Password Reset ensures that password issues are resolved with proper user authentication, eliminating human error at service desks and minimizing the risk of social engineering attacks and identity theft.
  • Most SSPR solutions can be deployed quickly and customized to your particular organization. This helps ensure widespread adoption across your organizations with an easy-to-use tool.

More Self-Service Password Reset Resources

Reduce help desk calls and improve security with Thycotic Password Reset Server
Password Reset Management (PDF Datasheet)

Product Trial:
Self-Service Password Reset Tool

How to minimize Help Desk calls with Password Reset Server

Password Reset Server Demo | End-user Password Management


Like this post?

Get our top blog posts delivered to your inbox once a month.


Other Glossary Entries