Does your service desk give passwords away?

If at least 35% of companies don’t authenticate users with a password reset call – what is then at risk?

GET IN ONE CLICK!

Does your service desk give passwords away?

When users forget passwords, they call the service desk to get a new password to get back to their work. It happens every day many times in most service desks. But how does your service desk prevent that passwords are passed on to a wrong individual? Do you have a password reset manager assisting the service desk?

According to a Service Desk Institute research, 35% of organizations do not have management decided process – each analyst must make his own. Does this make us secure?

In the remaining 65%, the majority uses questions for data easily available like employee number, manager’s name, department number and other information readily available for criminals.

What is a password reset best practices?

When users forget passwords, they call the service desk to get a new password to get back to their work. It happens every day many times in most service desks. But how does your service desk prevent that passwords are passed on to a wrong individual? Do you have a password reset manager assisting the service desk?

According to a Service Desk Institute research, 35% of organizations do not have management decided process – each analyst must make his own. Does this make us secure?

In the remaining 65%, the majority uses questions for data easily available like employee number, manager’s name, department number and other information readily available for criminals.

Facilitated password reset principles

Gartner calls the process for Facilitated Password Reset. “The reality is that no matter how foolproof a Self-Service Password Reset (SSPR) solution is, the need for service-desk-assisted password resets will likely always be there.” “A facilitated reset allows a delegate (such as an administrator or service desk operator) to perform a password reset or account unlock on behalf of another user. That said, there are often security holes in the facilitated reset process.”

 

How can we make the facilitated password process secure?

  • We must have a common process decided by management
  • We must have different workflows to balance risk and costs for different user groups
  • We must prevent circumventions by the service desk analyst, this means no privileged passwords!
  • We must include many different information types for the manual authentication – in particular, dynamic and contextual data in addition to static data and tokens
  • For individuals with very high-security settings, we must include multi-person authentication
  • Monitoring and alerts must be part of the solution

 

This can, of course, be done manually, but the only true way to enforce the secure workflow is in a flexible It-system designed for the authentication task. Take a closer look at FastPass Facilitated Password Reset module (FPR), which really is a password reset best practices implemented.

How passwords are broken

The assisted process in the service desk

The easiest way to get a password for a legitimate user is simply to call a service desk and ask. You might have to charm or threaten to get the password, but lots of penetration tests have proven, that this is the easy way in!

 

Want more information about FastPass products, pricing or anything else?

We are here to help you!

Testimonials

”We strive continuously to improve our service. It is important to us to deliver modern and simple solutions helping customers to a more efficient operation. The cooperation with FastPass is yet another step in this direction”.

Mads Jacobsen
 Associate vice president

... seen an 80% reduction in assisted password resets. We’re very satisfied with the product. It has significantly freed us up from frustrating and unrewarding password resets

Oliver Holmes

Deputy Director, Technology and Operations

... The numbers have grown to the point that it would be impossible to operate in today’s busy environment without a password management service

 

 

FastPass handled 2,531 password calls, or more than 80% of the total password calls from all the users.

Per Kristensen

Project manager

 

...we have met our Customers’ Service and Cost Improvement challenges by reducing our call abandon rates by over 55% and our average wait times by over 60%, despite our overall budget being reduced.

Pete Townley

Lead Service Delivery

 

… about 90% use FastPass to reset their passwords. So we’ve seen a substantial reduction in calls to the help desk.

Winston Hughed

Vice President IT

 

We are very pleased with the product.  Fast pass has simplified password management and eliminated many password related calls

 

Chuck Mick

ERP Manager

Nyrstar has chosen FastPass to automate and improve the processes related to users’ forgotten passwords. This has improved user satisfaction and reduced the workload in the IT HelpDesk.

The number of forgotten passwords per involved user per year has dropped from 1,6 to 0,3. This is an improvement of 83%!

Hans Lauwers

SAP

 

... The numbers have grown to the point that it would be impossible to operate in today’s busy environment without a password management service

Haydn Tarr

IT Technical Lead & Coordinator

 

Our employees use it to synchronize their Windows password with their IBM i password when they need to be changed every 90 days due to compliance. We find this is a quiet, behind-the-scenes way for our employees to change and remember their passwords.”

Larry Marxen

Director of Information Systems

 

North America T: + 45 4810 0410

Europe T: + 45 4810 0410

FastPassCorp A/S,  USA

FastPassCorp A/S, Lyngby Hovedgade 98, Kgs. Lyngby, DK 2800 Denmark

© FastPassCorp A/S. All Rights Reserved.

Logo of fastpasscorp, the self-service password management provider