Introduction to Password Recovery

What is Password Recovery?

Password recovery is an addon provided by Soffid. This addon allows end-users to recover their passwords.

Soffid provides functionality to configure password recovery according to business needs, using different technical solutions. The currently available options are the following:

  • Email recovery
  • Questions and Answers recovery
  • OTP recovery
  • SMS recovery

Use cases

Email recovery

When an end-user wants to recover his password with the email recovery method, Soffid will send an email with a PIN code to the end-user to recover his password.

The end-user must enter the PIN code and, if it is correct, Soffid will display a window to enter and confirm the new password.

Questions and Answers recovery

When an end-user wants to recover his password with the Questions and Answers recovery method, Soffid will display a window to answer the questions previously configured by the end-user in the Self service portal.

If the answers are correct, Soffid will display a window to enter and confirm the new password.

Remember, it is mandatory to configure the Questions and Answers in the Self service portal to use this recovery method. Otherwise, an error will be displayed and the end-user will have to contact an administrator.

OTP recovery

When an end-user wants to recover his password with the OTP recovery method, Soffid will display a window to enter the PIN code. The user will need to get the PIN code from an OTP application (FreeOTP+, Google Authenticator and Microsoft Authenticator are the most commonly used).

The end-user must enter the PIN code and, if it is correct, Soffid will display a window to enter and confirm the new password.

Remember, it is mandatory to configure an OTP device in the Self service portal to use this recovery method. Otherwise, an error will be displayed and the end-user will have to contact an administrator.

For more information about the OTP method, see the Two factor authentication (2FA) book.

SMS recovery

When an end-user wants to recover his password with the SMS recovery method, Soffid sends an SMS to the end-user with a PIN code to recover his password.

The end-user must enter the PIN code and, if it is correct, Soffid will display a window to enter and confirm the new password.

ESSO

End-users can recover their passwords using ESSO.


Password Recovery questions

1. How long is a challenge/PIN valid? Currently, it is 30 minutes.

2. How many times can a wrong PIN be entered? There is no limit.

3. Do old challenges / PINs stay active when a new one is requested? Yes, they are active.