Copy/Paste prevention during password reset | Password reset security - ADSelfservice Plus

Copy/Paste Prevention during password Reset

It goes without saying that a password is supposed to remain a secret. Another point to remember is that during an operation like a password reset, passwords tend to be vulnerable. To ensure that password resets happen efficiently and accurately, it is strongly recommended to disable the copy and paste option in the password fields.

How does disabling the ability to copy and paste ensure efficient password resets?

Generally, there are two fields involved while resetting passwords: New password and Confirm new password.

Most organizations tend to use password masking (replacing the characters in a password with bullet points or asterisks) to prevent over-the-shoulder snooping. While this is beneficial, if it's coupled with the ability to copy and paste passwords from one field to another, it could become disastrous.

Imagine a user resetting their password. They have a password in mind and type it out in the first field. Since the password is masked, the user is not able to view the spelling mistake they've made while typing the password. Now if they copy and paste the same password into the Confirm new password field, they might not realize that the password they had in mind was not the password they actually created for their account. As a result, they might end up locked out of their account the next time they try to log in.

Prevent users from copying and pasting passwords with ADSelfService Plus

ManageEngine ADSelfService Plus provides a reliable, easy-to-implement solution for efficient password resets.
By allowing you to block your users from copying and pasting values within the password fields, it ensures that password resets happen systematically, which in turn eliminates account lockouts.
So, how do you do that in ADSelfService Plus?

Steps to follow:

  1. Log in to the ADSelfService Plus admin console with your credentials.
  2. Navigate to Configuration > Self-Service > Policy Configuration.
  3. Click Advanced and browse to the Reset & Unlock tab.
  4. Check Prevent a user from using 'Copy & Paste' in the password fields.
  5. Click OK to save the settings.
That's it! You've now blocked the copy and paste option for your users' passwords!

      New to ADManager Plus?

        New to ADSelfService Plus?