Helpdesk password reset best practices
(Last updated on January 20, 2020)
If your organization is currently using a self-service password reset solution, it is critical that the helpdesk staff who manage the system and assist users consistently follow best practices. This post provides tips for reducing password-related calls to the helpdesk, and outlines some security measures for safeguarding user accounts.
Educate and direct to self-service
Password-related helpdesk calls are not only costly, but also drain IT resources that could be better spent on more pressing issues. So when a self-service password reset solution, such as Specops uReset, is implemented, the helpdesk staff cannot fall into the trap of continuing to unlock accounts. Refer users to an FAQ, or provide them with a guide that walks them through the enrollment and password reset process. The guide should be made available to all users, and also used during the employee onboarding process. In addition to showing users what to do, you must also explain what is in it for them. Benefits include 24/7 availability, accessibility from any web browser with multi-device support, and maximum security, as the user's password will never be shared with the IT staff.
Know who is calling the helpdesk
The helpdesk is a popular target for hackers, and the most popular tactic used against it is social engineering. While social engineering is extremely common when security questions are used to verify callers, it is much less common if multi-factor authentication is used. Specops uReset enables the helpdesk to verify the accounts of users with any of their enrolled identity services, or by sending a text message containing a code to the mobile number associated with the user’s account. For high-security accounts, the helpdesk can layer the identity services for increased security. This removes the opportunity for user impersonation.
Issue temporary passwords
Once a user has been verified, the helpdesk can set a new password for the user. The new password must be unique to the user: the same password should not be re-used, and the password should not follow a guessable formula, such as a variation of the user ID. Finally, the “never share your password” rule also applies to the helpdesk, so the new password should be temporary, and the user must be required to change their password at next logon.
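The rules above can be enforced in code instead of being left to habit. The following is an added example, not part of the original post or of Specops uReset; the function names, the record fields and the user-ID similarity heuristic are assumptions made for illustration.

```python
import hashlib
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!#%+-=?@"
# Common character substitutions, undone before comparing with the user ID.
LEET = str.maketrans("013457@$!", "oieastasi")


def _normalize(text):
    """Lowercase, undo common substitutions, keep letters only."""
    return "".join(c for c in text.lower().translate(LEET) if c.isalpha())


def resembles_user_id(password, user_id):
    """True if the password hides the user ID, or its reverse, in a common disguise."""
    uid, pw = _normalize(user_id), _normalize(password)
    return len(uid) >= 3 and (uid in pw or uid[::-1] in pw)


def _digest(password):
    # A plain hash is acceptable only because the input is long and random.
    return hashlib.sha256(password.encode()).hexdigest()


def issue_temporary_password(user_id, issued_digests, length=16):
    """Return a reset record holding a random, never-before-issued password."""
    while True:
        # secrets draws from the OS CSPRNG, so no formula can be guessed.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if resembles_user_id(candidate, user_id):
            continue  # rule: no variation of the user ID
        if _digest(candidate) in issued_digests:
            continue  # rule: never hand out the same password twice
        issued_digests.add(_digest(candidate))
        return {
            "user": user_id,
            "temporary_password": candidate,
            # rule: the helpdesk-known password must not outlive first logon
            "must_change_at_next_logon": True,
        }


if __name__ == "__main__":
    issued = set()  # constructed sample state; persist this in a real system
    print(issue_temporary_password("jsmith", issued))
```

The same similarity check can be run against passwords typed in manually by helpdesk staff, where formula-based choices are most likely to appear.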
Keep an eye on the statistics
It is best practice to view the individual statistics for all users requiring a password reset. A full history of system usage for the user can help identify whether the user is using the system correctly. An excessive number of password resets indicates an opportunity to further educate the user about password reset best practices.
Typically, when organizations evaluate a self-service password reset solution, the focus is getting people to use the new system. The helpdesk is often overlooked even though they play a critical role in educating users and strengthening security. Don’t forget the role of the helpdesk and give them the features they need to follow these best practices.