ANIXIS Password Reset

Frequently Asked Questions

How is ANIXIS Password Reset different from PPE/Web?

Users can change their password with PPE/Web, but with ANIXIS Password Reset they can also reset their password and unlock their account. ANIXIS Password Reset can also work in a DMZ without any domain controllers, whereas PPE/Web must communicate directly with the domain controllers. Use ANIXIS Password Reset if you need to:

  • Allow users to reset a forgotten password or unlock their account by answering questions about themselves such as their date of birth, first pet's name, etc.
  • Send verification codes to users by e-mail or SMS for two-factor authentication during resets and unlocks.
  • Send e-mail alerts to users whenever their account is used in the password management system.
  • Keep a detailed, searchable audit log of all user activity.
  • Separate the web server from the internal network for extra security.

How does APR authenticate users who have forgotten their password?

Users who have forgotten their password are asked to answer some questions about themselves. They must answer all the questions correctly. The number of questions is configurable from one to ten.

APR can also send a random verification code to users by e-mail and SMS. Users must enter the correct verification code to continue. The length and content of verification codes is configurable, and they can be set to expire after a few minutes.

How can users reset their password if they cannot logon?

The Password Reset Client allows users to securely reset their password from the Windows Logon and Unlock screens. Users can also access ANIXIS Password Reset from a web browser on their mobile phone or tablet.

Does APR enforce a password policy?

The Active Directory password policy is always enforced for password changes, and you can configure APR to also enforce the AD password policy for password resets. You can also install Password Policy Enforcer for more control over user passwords.

Can users create their own questions?

Yes. You need to make some changes to the HTML template to allow users to create questions.

Does ANIXIS Password Reset store user answers?

No. APR only stores the SHA-256 message digests (hashes). A random salt protects the hashes from precomputed attacks. The questions, hashes, and salt are also encrypted for additional security.

Does ANIXIS Password Reset store passwords or password hashes?

No. Passwords are only kept in memory temporarily.

What encryption algorithms does ANIXIS Password Reset use?

ANIXIS Password Reset uses the RSA and AES (Rijndael) encryption algorithms. User answers are hashed with the SHA-256 algorithm (SHA-1 for APR V1.x enrollment records).