Information Security Today Home

New Books

Official (ISC)2 Guide to the CISSP CBK, Fourth Edition edited by Adam Gordon; ISBN 978-1-4822-6275-9
Android Malware and Analysis by Ken Dunham, Shane Hartman, Manu Quintans, Jose Andre Morales, and Tim Strazzere; ISBN 978-1-4822-5219-4
Biometric Technology: Authentication, Biocryptography, and Cloud-Based Architecture by Ravi Das; ISBN 978-1-4665-9245-2
Practical Cryptography: Algorithms and Implementations Using C++ edited by Saiful Azad and Al-Sakib Khan Pathan: ISBN 978-1-4822-2889-2
Ethical Hacking and Penetration Testing Guide by Rafay Baloch; ISBN 9781482231618
The Frugal CISO: Using Innovation and Smart Approaches to Maximize Your Security Posture by Kerry Ann Anderson; ISBN 9781482220070

Self-Service Reset Password Solutions: Issues Addressed and Problems Solved

by Dean Wiech

You're thinking about implementing a self-service reset password solution, but you are not quite sure if it is worth it or if it will benefit your organization. The following checklist provides an easy overview of issues you might face, as well as provides solutions to how a password reset solution can easily solve these issues in addition to saving you time and money.

First, take a look at the following checklist. Following that we'll dig into some of the specific issues organizations face and how self-service reset password solutions address these problems. First, though, does your organization face many or all of these issues?

Large percent of calls to your helpdesk is for password resets
Employees working off hours or in different time zones
Employees wasting time/productivity waiting for a password reset from the helpdesk
Your employees work with customers or patients, and their work is time sensitive
Password resets that need to be performed in many different systems and applications
Many of your employees work outside of the network and still need password resets
Your organization requires complex passwords, which many of your employees forget

If you have a number of these issues, you may be overwhelmed by the level of responsibility required for managing your manual processes; specifically, related to the management of resetting and serving access to employee's systems.

That said, here are a number of issues your peers may be facing because they are not effectively addressing self-service access issues:

Your Helpdesk Receives Too Many Password Calls

On average, 25 percent of the calls to a helpdesk are estimated to be password related, like resetting employees' forgotten passwords. At some organizations this number is even higher, of course. Though password resets are an easy problem for the helpdesk to solve, when there are many of these types of calls a day, this becomes time consuming for staff. This also may require additional staff for an organization that has many employees resetting passwords. If your organization's helpdesks calls are a large percent for password resets, a self-service password reset solution can easily and drastically reduce the amount of calls by up to 90 percent. This allows helpdesk staff to focus on other, more important, issues. In some cases, these solutions also decreases the amount of staff needed.

Multiple Locations or Working in Different Time Zones

Some large or multi-located organizations have offices or employees across several regions, and many times their helpdesks are located only at their headquarters. Other companies have employees or users who need access to systems and applications outside the operational hours of the helpdesk. Take, for example, a school whose students need to access an application after school hours to complete their homework. If they need to reset their password after school then they are unable to contact the helpdesk.

This can also be a problem for other types of organizations, such as banks or hospitals, which might not have a 24/7 helpdesk staff. If employees forget their passwords or are locked out of their accounts on weekends or after the hours of the helpdesk then they are not able to reset their passwords and access the systems or applications that they need.

Time Spent on Waiting for a Password Reset

In many organizations the process of resetting a password is time consuming. The employee has to contact the helpdesk, who then places a work order, resets the password then contacts the users back. This process can take up to half an hour or more, during which the employee cannot complete their work. With a self-service reset password solution employees can be more productive and not waste time on simple issues like password resets. They can proactively reset their own password and continue with their work.

Your Employees Work with Customers or Patients on Time-sensitive Issues

In many circumstances, it is important that your employees are able to log in quickly and access their accounts to properly serve their customers. When a customer has to wait for your employee to call the helpdesk and reset their password it can be an annoyance and a bad customer experience. This is extremely important in the case of care organizations where they need to quickly access systems and applications to serve their patients. In addition, other industries such as those with direct client contact, for example a bank, waiting for a password to be reset can be a huge annoyance for both the employee and customer.

Password Resets Need to be Performed in Many Different Kinds of Systems and Applications

Organizations often use several different types of platforms, including often a variety of web applications. Employees often need to reset their passwords in many different types of applications, sometimes all at once, especially after a long break, such as summer break for schools. With a self-service password reset solution end users can reset as many passwords they need, in virtually any application or platform without having to burden the helpdesk.

Many of Your Employees Work Outside of the Network and Still Need Password Resets

Many organizations have employees who work outside of the company's network, on the road or from a remote location or from home and use mobile devices. These employees often have the same issues as employees who work in the office with password resets. With a self-service password reset solution, employees can reset their password from anywhere and continue with their work.

Your Organization Requires Complex Passwords that Many of Your Employees Forget

To ensure security of the network, organizations often require employees to use complex passwords, including using symbols and a certain number of characters. Though this can increase security, it can also lead them to forget and need to reset their password. A password reset solution can ensure that employees follow a certain password policy that follows the organizations guidelines, when they are resetting their password.

In addition to the many issues that a self-service solution solves, there also are several additional benefits:

Advanced Authentication
Advanced authentication in the form of two-factor authentication or SMS authentication can ensure security by requiring two forms of authentication for the user to reset their password. This will usually be an answer to a personal verification question in addition to a code sent via text message or email. This ensures that the person resetting the password is who they claim to be.

Password resets for mobile devices
Since employees often use mobile devices, many password reset solutions have the ability to work with a web interface. This means that users who are on their cell phone or any other mobile device can also enjoy the benefits of the self-service password reset solution.

About the Author

Dean Wiech is managing director of Tools4ever, a global provider of access and identity management solutions.
Subscribe to
Information Security Today

© Copyright 2015 Auerbach Publications