Password reset best practices for self-service
Security is an essential part of almost everything we do with technology today. We unlock devices, sign in to websites, and routinely find ourselves verifying our identity, whether we’re online for work or for personal time.
In a business setting, routine requests for password resets place a burden on the IT help desk. It’s estimated that such requests account for 20% to 50% of all help desk calls, at an estimated cost of $70 for a single password reset. In a large organization, this amounts to a real, measurable cost in terms of time and productivity, for both end users and help desk employees.
For this reason, self-service options for resolving password issues make a lot of sense. Simply implementing self-service, however, does not allow the IT help desk to wash its hands of these issues. In fact, if the self-service approach your organization takes to resolving password issues is not user-friendly or secure, you are introducing risk in the form of:
- Downtime: employees are unable to access applications and data while they wait for assistance.
- Poor ROI: relying on the help desk is a poor utilization of valuable resources. At the same time, a self-service approach that is cumbersome and requires a lengthy enrollment process will go under-utilized.
- Security: challenge questions and password hints are a poor form of authentication in a world where people tend to over-share information. Even a traditional help desk scenario, where an employee calls or emails to ask for assistance, often lacks a way to authenticate the identity of the person making the request.
What does secure self-service look like?
Like many elements of security, self-service password resets require balance. Set the bar too high, and you’ll waste your investment and increase risk as people attempt to circumvent or ignore the controls. Set the bar too low, and you will fail to adequately protect your environment.
With that in mind, self-service tools should enable the following password reset best practices:
- Easy on-boarding or pre-enrollment options to ensure users adopt the solution.
- Integration with existing tools like Microsoft Active Directory, group policies, multi-factor authentication (MFA) and other identity solutions.
- The ability to authenticate everyone, everywhere, even remote workers who might be unable to access secure networks while their device is locked. In the case of remote workers, the solution should also update their locally cached credentials.
How to secure self-service password resets
By developing tools that empower users to reset passwords, Specops can help organizations manage their help desk costs while also providing a level of authentication that surpasses many of the common approaches to these issues.
Our password reset tool allows users to choose from more than 15 identity authentication providers (including existing investments such as Duo Security, Okta, and Symantec VIP) when verifying their identity prior to a password reset. Administrators can even pre-enroll users with the identity providers using details that already exist in Active Directory. Removing this task from users reduces friction and increases the likelihood they will use the solution instead of requesting assistance from the help desk. The solution is especially useful for preventing lockouts for remote users, as it updates the locally cached credentials during a password change or reset.
Learn more about our self-service password reset best practices, and request a free trial to get started today!
(Last updated on September 27, 2024)