Unauthorised User Access
Unauthorized user access to the MyPass Password Manager solution is restricted through a variety of methods:
- Notifications of authentication attempts or password resets (including 53 other optional notification templates) are sent to the user.
- A user cannot answer the same challenge question twice, or have the same answers to questions.
- MyPass Password Manager always checks if a user is still enabled and active in AD before the user can use the service (the solution will never enable users that are disabled in the target repository).
- Users are locked out from MyPass Password Manager (not Active Directory) after three failed verification attempts. Helpdesk assistance is required to unlock the account.
- CAPTCHA protection can be added to protect against robotic intrusions.
- Optional two-factor authentication can be implemented for specific user groups.