Remote Reset from the Administrator's Perspective

Resetting SafeHouse volume passwords from an administrator's perspective is a fairly simple task.

The overall process is broadly described as follows:

  1. You receive a request for a remote password reset. This will frequently be by email; however, you can also see a list of all pending requests by logging into

  2. You click on the email notification link or log into to display the corresponding reset request form.

  3. You review the request, speak with the client, and ultimately make a decision to approve or deny the request.

  4. You finalize the request and cement your decision by selecting either to approve or deny in the web form's drop list and entering your administrator credentials to authenticate yourself as an authorized administrator.

  5. Your response is sent back to the web server and the waiting client is automatically notified that you've responded to their request.

Which Requests should be Approved?

The biggest decision you'll need to make is whether or not to approve a specific request.

SafeHouse does not impose any policy requirements in determining which requests can or should be approved. It is up to you and your organization to decide on your own internal rules for making these kind of decisions.

We know how important it is to make the right decision. As such, SafeHouse gives you as much information as possible to help guide your choice; but in the end, the choice is ultimately yours, and the publishers of SafeHouse take no responsibility for incorrect decisions or attempts by employees to coerce or fool you into resetting the password for a volume which does not belong to them.

Authenticate and Take Action

You must authenticate yourself as an authorized administrator in order to perform any kind of administrative action on a pending password reset request.

You may authenticate yourself using either:

Please know that even though you will be using a web form to perform the administrator authentication step, at no time will your password or credentials leave your machine or be transmitted over the Internet. All cryptographic operations relating to authentication are performed locally on your PC. Only the pass/fail result of your authentication attempt  is communicated to the SafeHouse website. Neither the SafeHouse website nor the folks that operate it will ever have access to your administrator password -- this is an absolute guarantee!

Below is a partial screen shot of the web form you'll need to complete. Click to see entire form.

Using an Administrator Smartcard

To authenticate using an administrator smartcard instead of an administrator password, insert your smartcard and click the Administrator Smartcard tab. This will change the view to accept your smartcard as an alternate form of authentication provided the card contains the correct information.

See Using Smartcards for Administration.

All Activities are Logged

The website keeps an audit log of all password reset transactions.

Access to is not Required

Support personnel tasked with performing SafeHouse password resets do not need to be able to log into the website. Sub-level administrators can carry out all their duties using an administrator smartcard (so it is not necessary to know the group password) and using email notifications (so it is not necessary to log into the website) to display the password reset request web forms.

SafeHouse Must be Installed

Please know that SafeHouse must be installed on any machine being used to perform the administrator's side of a remote password reset. This is due to the fact that the web form programming (javascript) makes extensive use of locally installed cryptography components that are installed alongside the SafeHouse software.

If the SafeHouse software is not installed when you attempt to display the web form, you will be redirected to an error page.





SafeHouse Professional Edition  USB Software  SafeHouse Personal Edition  SafeHouse Software  Compare to TrueCrypt