HID DigitalPersona (formerly Crossmatch) provides a comprehensive multi-factor authentication solution. The vendor’s value proposition is that their solution frees users from cumbersome login activities while making it easy for an IT Team to secure access to their networks, data and applications.
$3.75
per user per month
Hypersocket
Score 8.0 out of 10
N/A
Hypersocket (formerly Nervepoint) enables organizations to efficiently manage and administer end users and their access to disparate systems by empowering end users to manage their own accounts across multiple systems both on-premise and in the cloud, while allowing IT to gain control over user sprawl, cut support and gain in-depth business insight.
During the onboarding process, remote workers can enroll their fingerprints or create secure PINs. This eliminates the need for complicated passwords and enables them to safely access company resources and critical apps from remote locations. HID DigitalPersona's robust authentication techniques and access control features can assist you in adhering to data security laws.
HyperSocket is very well suited if the resources and budget are made available. There is not much a learning curve for the IT Department or for those users already familiar with two-factor authentication. There will be some education and training requirements for most end-users as the notifications and general verbiage can be confusing for some. It may also show some exploits within some end-users who are unaware of a notification but will use the email to reset an expired password without thinking twice if it may have been a phishing email or the opposite where an end-user deletes or ignores the expiration email notification expecting it to be spam/phishing.
Speeding up the login process with fingerprint in PIN rather than having to remember a long password. Our IT department has seen a huge decrease in the amount of account lockout and forgot password calls.
It is highly customizable to meet the needs of remote or on-premises workers. It is all configurable through group policy, so it is very easy to set specific requirements on certain groups.
Setup was quick and the administration guides are very easy to follow if you need to go back in and adjust things.
I find that sometimes I have had to delete a users fingerprints and re-add them. There must be something going on where the software believes that the user has changed their fingerprints.
I have on occasion come across a person where the reader was unable to create fingerprints for that user. It would be interesting to see if the sensitivity of the 4500 reader could be improved on.
I find that using the DigitalPersona software makes the users ultimately forget their passwords. Maybe every once in a while the software could require the user to type in their Windows password to help them remember it.
Help-Desk functionality similar to OneIdentity Self-Service Password Manager, as it provides additional users that do not require administrative access to assist with managing end-users who may have locked themselves out of HyperSocket Access Manager by forgetting their own security questions.
Too many features which become unusable and feel like the payment plans are not flexible since it's an all-in-one product with one price. It is not necessarily a bad thing as most subscription-based pricing forces a buyer to pay more for an integral service that is only available on the highest price-plan. You really do get what you pay for, but we found many of our use-case scenarios limited the product.
This isn't necessarily against the product, just a personal opinion around Multi-Factor authentication which is always primarily driven mobile devices. Not all companies or end-users have access to a multi-factor device, (or in our case, are allowed to have access to a cell phone while servicing members/clients). This creates a shortfall to allow multi-factor functionality to extend to all users unless there are hardware tokens, which can be miss placed or left out more easily as most users don't treat it the same way they would their personal smartphone.
It is wonderful for multifactor authentication and gives us many options for what we use to authenticate. All of our users use it and it is engrained into our group policies and people would be very disappointed if it went away.
I think there are still fundamental enhancements needed to be added to the management consoles and I think there ought to be a Centralized, Windows Based "Thick" Management Application instead of individual utilities which vary from MMCs, Scripts, Wizards, etc.
Extremely poor; I've never encountered such. Professional Services completely dropped us for months. Crossmatch tech support seems like it has 3 techs tops! No response to emails, calls, the absolute worst! I will never recommend DP to anyone.
Could use tools to audit license usage at a more granular level as to allow an administrator to free up licenses from users whom seldom use their biometrics to login.
We have used One Identity for software tokens. The Defender software tokens were originally included with our bundle and work pretty well for integration into the AnyConnect VPN client with Cisco. All that said, we use the two products for different applications and DP does what it does very well.
Nervepoint Access Manager (NAM) has the ability to deal with multiple domains. While ServiceNow at the time we looked at the solution did not (I do not know if it does now). NAM was a more polished, mature product.
I'm happy to say I'm not involved in budgeting or finance, but the financial benefits are easy to state: Less helpdesk time - helpdesk staff don't have to spend time resetting people's passwords.
Users don't have to wait for Helpdesk to get around to helping them log in.
As with any IT Service or Solution, the investment will always be seen as a sunk cost. The only ROI would be the time and resources spent elsewhere rather than with Password Management through an IT Department or similar department. I found that the time spent on password management was about the same, as many users who are frequently forgetting a password are also forgetting their security question & answers.
There are some positives, as it was able to help manage the bulk of their non-windows passwords or passwords related to another online service. The centralized password manager doesn't feel like a true single sign-on but for most users, it replaces a hand-written copy they have taped to a monitor.
It can help with automating some of the active directory workflows with its own user provisioning functionality. Took more time to set up than it was to manage on its own.
