Ver:
Procso que
permite a los usuarios recuperar el acceso a un sistema tras haber perdido su
contraseña, sin recurrir al centro de ayuda de usuarios.
Es habitual
que el usuario proporcione una dirección de correo electrónico a la que le será
enviada una contraseña temporal de desbloqueo. Mediante esta contrasñe
temporal, y durante un periodo de tiempo reducido, el usuario puede acceder y
establecer una nueva contraseña. El acceso al correo electrónico se usa de
prueba de autenticidad del usuario.
Otros
mecanismos más robustos pueden incluir mecanismos más robustos de autenticación
alternativa.
is defined as any process or
technology that allows users who have either forgotten their password or
triggered an intruder lockout to authenticate with an alternate factor, and
repair their own problem, without calling the help desk. It is a common feature
in identity management software and often bundled in the same software package
as a password synchronization capability.
Typically users who have
forgotten their password launch a self-service application from an extension to
their workstation login prompt, using their own or another user's web browser,
or through a telephone call. Users establish their identity, without using
their forgotten or disabled password, by answering a series of personal
questions, using a hardware authentication token, responding to a password
notification e-mail or, less often, by providing a biometric sample. Users can
then either specify a new, unlocked password, or ask that a randomly generated
one be provided.
Self-service password reset
expedites problem resolution for users "after the fact," and thus
reduces help desk call volume. It can also be used to ensure that password
problems are only resolved after adequate user authentication, eliminating an
important weakness of many help desks: social engineering attacks, where an
intruder calls the help desk, pretends to be the intended victim user, claims that
he has forgotten his password, and asks for a new password.
http://en.wikipedia.org/wiki/Self-service_password_reset