Abstract
This disclosure proposes a passkey‑first, risk‑adaptive enterprise password reset system that binds reset authorization to device trust and behavioral risk, producing phishing‑resistant recovery without sacrificing usability. The system issues a short‑lived reset token that is cryptographically bound to a verified Web Authentication (WebAuthn) assertion when one is available, or otherwise to a policy‑selected set of fallback factors chosen according to a composite risk score. The proposed system adds replay‑safe tokenization, three‑minute transaction windows, and full observability for audit and anomaly detection, and integrates with existing identity providers (IdPs) and directory systems through a modular orchestration layer.
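The token properties named in the abstract (binding to the verified factor, a three-minute window, single use) can be sketched as follows. This is an added example, not code from the disclosure: the HMAC token format, the claim names, the `ResetTokenService` class and the in-memory replay store are assumptions, and WebAuthn assertion verification is assumed to have happened upstream.

```python
import base64, hashlib, hmac, json, secrets, time

TTL_SECONDS = 180  # the three-minute transaction window from the abstract

class ResetTokenService:
    """Hypothetical issuer/verifier; all names here are illustrative."""

    def __init__(self, key: bytes, clock=time.time):
        self._key = key
        self._clock = clock
        self._used = {}  # jti -> expiry (assumed store; production needs a shared one)

    def _mac(self, body: bytes) -> bytes:
        return hmac.new(self._key, body, hashlib.sha256).digest()

    def issue(self, user: str, factor_evidence: bytes) -> str:
        # factor_evidence: bytes of the already-verified WebAuthn assertion
        # (or fallback factor transcript); only its hash goes into the token.
        claims = {
            "sub": user,
            "jti": secrets.token_hex(16),
            "exp": int(self._clock()) + TTL_SECONDS,
            "bind": hashlib.sha256(factor_evidence).hexdigest(),
        }
        body = json.dumps(claims, sort_keys=True).encode()
        parts = (body, self._mac(body))
        return ".".join(base64.urlsafe_b64encode(p).decode() for p in parts)

    def redeem(self, token: str, user: str, factor_evidence: bytes) -> str:
        try:
            body, tag = (base64.urlsafe_b64decode(p) for p in token.split("."))
        except Exception:
            return "malformed"
        if not hmac.compare_digest(tag, self._mac(body)):
            return "bad_signature"
        claims = json.loads(body)
        if self._clock() >= claims["exp"]:
            return "expired"
        expected = hashlib.sha256(factor_evidence).hexdigest()
        if claims["sub"] != user or not hmac.compare_digest(claims["bind"], expected):
            return "binding_mismatch"
        if claims["jti"] in self._used:
            return "replayed"
        self._used[claims["jti"]] = claims["exp"]  # burn the token on first use
        return "ok"
```

Each rejection reason returned by `redeem` is a distinct string so it can be logged as an audit event, which is where the observability the abstract mentions would attach.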
Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Musugu, Pradeep; Pal, Amit; Vinjapuri, Swaraj; Rana, Sarabjeet; and Killekar, Santosh Dattatray, "SECURE ADAPTIVE PASSWORD RESET FOR ENTERPRISE", Technical Disclosure Commons, (March 05, 2026)
https://www.tdcommons.org/dpubs_series/9452