Frequently Asked Questions
How is ANIXIS Password Reset different from PPE/Web?
Users can change their password with PPE/Web, but with ANIXIS Password Reset they can also reset their password and unlock their account. ANIXIS Password Reset can also work in a DMZ without any domain controllers, whereas PPE/Web must communicate directly with the domain controllers. Use ANIXIS Password Reset if you need to:
- Allow users to reset a forgotten password or unlock their account by answering questions about themselves such as their date of birth, first pet's name, etc.
- Send e-mail alerts to users whenever their account is used in the password management system.
- Keep a detailed, searchable audit log of all user activity.
- Separate the web server from the internal network for extra security.
How does APR authenticate users who have forgotten their password?
Users who have forgotten their password are asked to answer some questions about themselves. They must answer all the questions correctly. The number of questions is configurable from one to ten.
How can users reset their password if they cannot logon?
The Password Reset Client allows users to securely reset their password from the Windows Logon and Unlock Computer screens. The Password Reset Client is included free with ANIXIS Password Reset V2.0 and later.
Can users create their own questions?
Yes. You need to make some changes to the HTML template to allow users to create questions.
Does ANIXIS Password Reset store user answers?
No. APR only stores the SHA-256 message digests (hashes). A random salt protects the hashes from precomputed attacks. The questions, hashes, and salt are also encrypted for additional security.
Does ANIXIS Password Reset store passwords or password hashes?
No. Passwords are only kept in memory temporarily.
What encryption algorithms does ANIXIS Password Reset use?
ANIXIS Password Reset uses the RSA and AES (Rijndael) encryption algorithms. User answers are hashed with the SHA-256 algorithm (SHA-1 for APR V1.x enrollment records).