What is Self-Service Password Reset (SSPR)?
Self-service password reset (SSPR) is a category of products that allow people to reset their own passwords for their online accounts. Instead of having to contact IT or customer support to reset their password for them, SSPR lets users do it on their own. SSPR saves time and money for organizations, and improves experiences for users.
How SSPR Works
It's all in the name: self-service password reset works by giving users a workflow through which they can reset their own password. SSPR is most relevant in the context of Identity & Access Management (IAM), wherein a single identity provider is used to access multiple online accounts.
Standard SSPR workflow:
- Initiate reset
- Verify identity
- Reset password
SSPR workflows can be fast and simple or more complex, depending on the systems involved and the level of security required. Generally speaking, a more complex SSPR flow is more secure. However, as we explain further down, not all security factors are equally secure.
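The three-step workflow above, enforced as an ordered state machine so that a password can only be set after identity verification succeeds. This is an added example, not code from the original page or from any identity provider; the ResetFlow class, the six-digit code, the 10-minute expiry and the attempt limit are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 600     # assumed: verification codes expire after 10 minutes
MAX_ATTEMPTS = 5   # assumed: guesses allowed per initiated reset

class ResetFlow:
    """One user's reset session (hypothetical): initiate -> verify -> reset."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.state = "idle"
        self.code_hash = None
        self.expires = 0.0
        self.attempts = 0
        self.password_hash = None

    def initiate(self):
        # Step 1: issue a random one-time code; only its hash is kept server-side.
        code = f"{secrets.randbelow(10**6):06d}"
        self.code_hash = hashlib.sha256(code.encode()).digest()
        self.expires = self.clock() + CODE_TTL
        self.attempts = 0
        self.state = "initiated"
        return code  # delivered to the user out of band (email, SMS, app)

    def verify(self, submitted):
        # Step 2: accept the code only while it is fresh and under the attempt limit.
        if self.state != "initiated":
            return False
        if self.clock() > self.expires or self.attempts >= MAX_ATTEMPTS:
            self.state = "idle"  # expired or locked out: user must start over
            return False
        self.attempts += 1
        digest = hashlib.sha256(submitted.encode()).digest()
        if hmac.compare_digest(digest, self.code_hash):
            self.state = "verified"
            self.code_hash = None  # the code is single-use
            return True
        return False

    def reset(self, new_password):
        # Step 3: refuse unless step 2 succeeded in this session.
        if self.state != "verified":
            return False
        salt = secrets.token_bytes(16)
        key = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 600_000)
        self.password_hash = (salt, key)
        self.state = "idle"  # verification cannot be reused for a second reset
        return True
```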
How to Enable SSPR
Most major identity providers (Okta, Microsoft Entra, Cisco Duo, etc.) offer some form of self-service password reset capability. In all cases, a system administrator must set up the SSPR workflows using their admin console.
Different IAM platforms offer different security measures to protect the password reset process. Okta, for example, offers Reset Via Email and Reset via SMS as default options. Microsoft's default verification options are mobile app notifications/mobile app codes, email verification, and mobile phone verification. It's worth noting that all of these verification factors are vulnerable to common cyberattacks and can be extremely frustrating for users due to their inflexibility.