Facilitated Password Reset

for the service desk process

Secure password process in the service desk

Users call the service desk with password problems – even when they have self-service. Is this process secure? Can you trust the authentication process, or will it be easy to circumvent for an “attacker”? FastPass Facilitated Password Reset Module (FPR) offers a comprehensive and compliant solution for the assisted password reset process in the service desk.

FPR reduces the risk of data breaches and the costs associated with IT crime. The password reset process in the service desk is the easiest place for an “attacker” to gain access to user credentials and authentication. FPR helps you manage the risk and costs!

THE FASTPASS OFFERING

https://www.youtube.com/watch?v=JFZnY54NmDo

CLOUD AND ON-PREMISE

FPR controls the steps the service desk agent must take to authenticate a user calling in. Dynamic and contextual data is used for authentication, combined with static data and tokens. Even management approval can be integrated. Risks and costs of authentication can be balanced to fit different user groups. Facilitated Password Reset (FPR) is available both in-house and in the cloud.

The Challenge

  • According to the Service Desk Institute, 35% of organizations don’t have a management-approved process for user authentication. Most of the remaining 65% have a very “light” process. The cost of data breaches increases year after year according to IBM and the Ponemon Institute, with an average cost of $4 million per data breach in 2016!
  • The weakest link, and the easiest place for an attacker to get access to information and rights, is the service desk. In many organizations, a phone call with a friendly tone will get you another user’s password from the service desk! The first step in any protection of IT systems should target this process. Asking users for general static information like user-id, personal address, date-of-hire and the like is simply too easy for a resourceful hacker!

Solution for large organizations

FastPass Facilitated Password Reset (FPR) introduces a management-defined process for authentication and issuance of access codes. The service desk agents no longer need privileged passwords. FPR uses dynamic and contextual information to help authenticate the users: information that is not available to hackers through social engineering. Other authentication methods include personal Q/As and use of tokens like SMS and private e-mails (the corporate email is of course not available!).

For absolute authentication security, the user’s manager can be asked to vouch for his employee. This will of course require the manager to authenticate with his normal password.

In large organizations, there will be different processes for user-groups with no access to critical information and other user groups with access to critical or very critical data and processes. In this way management can balance risk and cost accordingly.

The ideal solution is a combination of advanced self-service and a secure facilitated process, such as FastPass Enterprise for self-service together with FPR!

Please contact us for a meeting regarding your situation and choices

What is FastPass Facilitated Password Reset (FPR)?

FPR is the tool for the service desk agents when users call with a password issue. This document is a short overview of the functionality in FPR. To understand the business benefits of FPR, please see the announcement documents of FPR.

Different workflow for different user-groups:

Management can decide and configure the workflow that the service desk agents must follow to issue a new password for the user. Management can balance risk and cost to fit the different user-groups. The user-groups are defined by AD group membership.

User authentication:

The most critical part of the process is to authenticate the user to an acceptable level. For some users this will require 100% certainty; for other users it might be enough that it is probably the right user!

In large organizations, the process assumes a service desk agent talking to a user on a phone: mobile or fixed-line (internal phones typically).

Authentication (or proofing) of the user starts with dynamic and contextual data, like:

  • Is this the user’s normal workstation?
  • Is the user coming from the normal location?

The special quality of FastPass is that FPR can see the user’s information even when he can’t log in to his workstation because he has a password problem! Other questions in this category might be:

  • When was the last time you logged-in?
  • When did you last change your password?
  • Why didn’t you do self-service?

The service desk agent can use the static questions / answers from the self-service solution and see if the answers are trustworthy. It can be questions like:

  • Who was your favourite boss?
  • Enter the numbers 5-9 of your driver license.

The answers might be partly truncated.

If the user has some kind of token (like a mobile phone), the service desk agent can involve this token in the process (sending a code via SMS to the user). Other methods based on something the user has can be included too. It is important to understand that the user might not have his token, as he is not able to do a self-service password reset!

For some users and in some situations, it is necessary to involve a manager or another trusted person (like a manager in the service desk) who will vouch for the user’s identity.

Password action:

Based on the information gathered and the user’s profile, FastPass FPR decides whether the user can get a new password. The decision is based on the number of points required for this user-group. Some user-groups might need only a few points, whereas others might need maximum points. Some questions or requirements can be mandatory.

If the user can’t be approved, the service desk agent can escalate the incident to management level.

For an approved user, the service desk agent can then forward:

  • A re-enrolment key for password self-service, where the user can then set his own password
  • A one-time password

The password can be delivered in different ways to protect the transmission of the password.
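The points-based decision described above can be sketched as follows. This is an added illustration, not FastPass code: the check names, point values and user-groups are hypothetical, chosen only to show how a per-group threshold and mandatory requirements combine, and how an unknown group or a missing mandatory check leads to escalation rather than approval.

```python
from dataclasses import dataclass

# Hypothetical checks and point values, constructed for this illustration.
CHECK_POINTS = {
    "known_workstation": 2,    # contextual: call comes from the usual workstation
    "usual_location": 2,       # contextual: call comes from the usual location
    "last_login_recalled": 1,  # dynamic: user recalls the last log-in time
    "security_question": 2,    # static Q/A from the self-service enrolment
    "sms_code": 3,             # token: code sent by SMS and read back
    "manager_vouch": 5,        # authenticated manager vouches for the user
}

@dataclass(frozen=True)
class GroupPolicy:
    required_points: int
    mandatory: frozenset = frozenset()

# Hypothetical user-groups; on the page they are derived from AD group membership.
POLICIES = {
    "standard": GroupPolicy(required_points=4),
    "finance": GroupPolicy(required_points=8, mandatory=frozenset({"sms_code"})),
    "domain_admins": GroupPolicy(required_points=10,
                                 mandatory=frozenset({"manager_vouch"})),
}

def decide(group, passed_checks):
    """Return (decision, score, missing_mandatory) for one service desk call."""
    policy = POLICIES.get(group)
    if policy is None:
        # Fail closed: a group without a defined policy is never auto-approved.
        return "escalate", 0, []
    # A set ignores unknown check names and counts each check only once,
    # so repeating an easy check cannot inflate the score.
    passed = set(passed_checks) & CHECK_POINTS.keys()
    score = sum(CHECK_POINTS[c] for c in passed)
    missing = sorted(policy.mandatory - passed)
    if missing or score < policy.required_points:
        return "escalate", score, missing
    return "approve", score, missing
```

In this sketch a finance user who passes every contextual check and is vouched for by a manager is still escalated if the mandatory SMS code was not confirmed, because points alone never override a mandatory requirement.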

 

Monitoring:

All steps and data are logged for monitoring.

Basic reporting is available in FPR, but data can also be transferred to the company’s data warehouse for analysis together with other authentication information. The transfer can be real-time or batch.

Real-time alerts to users, managers, the service desk and security managers can be defined for all kinds of predefined situations. Likewise, tickets can be forwarded to the central ITSM tool.

Testimonials

“We strive continuously to improve our service. It is important to us to deliver modern and simple solutions helping customers to a more efficient operation. The cooperation with FastPass is yet another step in this direction.”

Mads Jacobsen
 Associate vice president

... seen an 80% reduction in assisted password resets. We’re very satisfied with the product. It has significantly freed us up from frustrating and unrewarding password resets

Oliver Holmes

Deputy Director, Technology and Operations


FastPass handled 2,531 password calls, or more than 80% of the total password calls from all the users.

Per Kristensen

Project manager

...we have met our Customers’ Service and Cost Improvement challenges by reducing our call abandon rates by over 55% and our average wait times by over 60%, despite our overall budget being reduced.

Pete Townley

Lead Service Delivery

… about 90% use FastPass to reset their passwords. So we’ve seen a substantial reduction in calls to the help desk.

Winston Hughed

Vice President IT

We are very pleased with the product. FastPass has simplified password management and eliminated many password related calls.

Chuck Mick

ERP Manager

Nyrstar has chosen FastPass to automate and improve the processes related to users’ forgotten passwords. This has improved user satisfaction and reduced the workload in the IT HelpDesk.

The number of forgotten passwords per involved user per year has dropped from 1,6 to 0,3. This is an improvement of 83%!

Hans Lauwers

SAP

... The numbers have grown to the point that it would be impossible to operate in today’s busy environment without a password management service

Haydn Tarr

IT Technical Lead & Coordinator

Our employees use it to synchronize their Windows password with their IBM i password when they need to be changed every 90 days due to compliance. We find this is a quiet, behind-the-scenes way for our employees to change and remember their passwords.

Larry Marxen

Director of Information Systems

North America T: +1 (212) 419-4921

Europe T: + 45 4810 0410

FastPassCorp A/S, 1350 Avenue of the Americas, 2nd Floor, New York, NY 10019, USA

FastPassCorp A/S, Lyngby Hovedgade 98, Kgs. Lyngby, DK 2800, Denmark

© FastPassCorp A/S. All Rights Reserved.