Usernames and passwords are what most computer applications use to identify users and secure data. But passwords–especially ones complicated enough to be secure–can be difficult to remember. Without an efficient self-serve password reset program in place, employees who forget their passwords or get locked out of their accounts have to call the Help Desk and ask for their passwords to be reset.
In many organizations, the user’s password will be reset to something generic, like Password123, and the user will be prompted to choose a new password upon login. A major security flaw in this method of resetting passwords is that it is nearly impossible for the Help Desk employee to ensure they are giving out the new password to the actual account holder.
Implementing a self-service password reset system in your company provides a number of immediate benefits. These benefits include:
Lower Help Desk costs
Every password reset call to the Help Desk has a cost. It costs the time of the Help Desk staff who must take the time to verify the user’s identity before resetting the password and sharing the new credentials. All the time Help Desk employees spend resetting user passwords is time they are not able to perform their other–and likely more important–duties. If Help Desk employees are getting bogged down with multiple password reset requests a week, a self-serve platform could help lower costs and let them focus on the parts of their job that cannot be automated.
Increased account security
Instead of verifying information over the phone, which is susceptible to social engineering tactics, users can choose to answer a series of challenge questions to verify their identity during the automated process. Challenge questions are also somewhat insecure since many challenge questions ask information that could easily be uncovered. Implementing multi-factor authentication will make the system even more secure. Instead of resetting passwords with temporary credentials, a self-serve password reset program lets users enter in a new password after verifying their identities through email, challenge questions, or multi-factor authentication. Also, a self-serve password reset program logs records of all login attempts and reset requests, making it possible for security teams to identify attempts to breach the system.
More productive employees
Manual password resets are a bottle neck in many organizations. End users are prevented from getting their work done while locked out of their accounts, and Help Desk employees have to drop their other priorities to verify the user’s identity and reset their password. Saving time and improving security provides a win-win situation for both end users and IT staff. And with Help Desk employees and end users able to focus on their jobs without having to worry about password resets, everyone can be happier and more productive.
A self-serve password reset program like ASPG’s ReACT lets end users of the system reset their own passwords so they don’t have to call into the Help Desk. The system relieves the Help Desk of the burden of the job while simultaneously making user accounts more secure. ReACT is also able to synchronize the password reset process across the enterprise. Through compatibility with multiple operating systems and applications, ReACT can operate as a centralized enterprise-wide password management tool. ReACT can also enforce a multi-factor authentication, which will make the system more secure by requiring individuals who are trying to reset a password to provide something only they have instead of only asking for things they know, but any hacker worth his salt could also find out.
To learn more, sign up to receive a 30-day free trial today. During the trial, you will be able to evaluate the features of the product, see how it will work in your IT environment, and test its compatibility with your applications.
