Password reset calculation

Identification score

To increase your identification score, you must enable multiple identification methods. If you’re currently using only one method, such as a username, adding another method like an email can increase your score by approximately five points. Additionally, enabling CAPTCHA adds 10 points to your score and help to prevent the bots from exploiting the password reset flow.

Verification score

To achieve a high score, you must use at least two verification methods with medium or high security levels. Each method adds up to 15 points (medium) or 25 points (high).

For the custom verification types, you must assign the security level. By default the custom verification is set as low.

Configuration score

To optimize your score, enable either the Email/SMS Password Reset URL or auto-generate passwords. If neither is enabled, the score is set at 10 points. Enabling either of these options fetches 20 points.

Password Policy Score

To maximize your Password Policy Score, enable the Password Policy on the Credential Store if it isn’t active. Implement the Enforce History Policy to prevent users from reusing their last five passwords as defined in the password_history_limit property. Use a High strength password policy and enable the following settings:

Send password reset process security score notification is a weekly job that send reminders to the password admin about the score and recommendations to improve the score. An email notification is sent to the Process Owners of all the active processes if Enable security score notification option is selected in Password Reset Process form.