There are many labor-intensive tasks that the IT service desk carries out on a daily basis. None is as tedious and costly as resetting passwords. Modern IT service desks spend a significant amount of time both unlocking accounts and resetting passwords for end-users. This issue has been exacerbated by the COVID-19 pandemic.

Causes of account lockouts and password resets

End-user password policies, such as those found in Microsoft Active Directory Domain Services (ADDS), typically define a password age. The password age is the length of time an end-user can keep their current password. While new guidance from NIST recommends against the long-held notion of forced password changes, it is still a common and required security mechanism across other compliance standards and industry certifications such as PCI and HITRUST.

When the password age is reached for the user account, the user must change their account password. The change is generally prompted at the next login on their workstation. This scenario creates a series of likely events. Many end-users procrastinate changing their password, even if they are notified ahead of time. Users also have various mobile devices connected to their accounts. If a user does not synchronize all device passwords when the account password is eventually changed, this will create issues that can lead to a lockout. It can create further confusion as the end-user may be using the correct password on their workstation.

What are the costs of account lockouts and password resets?

It might seem like a simple password reset is a trivial matter with no actual cost to the business. A study by the Gartner Group found that between 20% and 50% of all service desk calls were for performing password resets. Forrester Research adds to this finding with research showing that the average help desk labor cost for a single password reset can be $70 or more.

First, suppose the organization is conscious of best practice security processes (which it should be) before a password can be changed for an end-user. In that case, the identity of the user requesting the password change must be verified. Why is this? An attacker may use social engineering tactics to persuade the service desk to change a legitimate user's account password. This scenario hands an attacker legitimate credentials, which leads to a compromise of the environment. The process to verify end-user identity by manual means can be time-consuming.

Next, businesses may still be using interconnected legacy systems that require manually changing passwords in multiple places rather than a single change flowing across the environment seamlessly. The manual process required for the helpdesk team to ensure a password is changed correctly may be labor-intensive. It can require the helpdesk team to log in and use many different tools for changing a password in multiple systems for a single user account.

Finally, the end-user may be "dead in the water" waiting on the IT service desk to assist with unlocking a locked user account or resetting a password. The time an end-user spends locked out and unable to perform their work duties will in itself impact business processes and will ultimately cost the business.

What tools reduce the cost of account lockouts and password resets?

Organizations looking to reduce the cost of account lockouts and password resets can significantly benefit from Self-Service Password Reset (SSPR) tools.