SELF SERVICE PASSWORD RESET
SEE THE DRIVERS FOR SELF SERVICE PASSWORD RESET SUCCESS
What is self service password reset?
That’s when the users reset passwords without personal assistance. User verification is done with alternate security credentials.
What are self service password reset 3 overall benefits?
- Higher end-user service and productivity
- Security and compliance
- Service desk productivity
6 STEPS TO SUCCESS: Password Self Service
Why implement self-service of passwords?
The key value drivers for end-user services are:
- User self service password reset available 24/7
- Easy password service for BYOD users (password change and expiration)
- Password reset for remote PC’s password cache
- Increased productivity
The key value drivers for the service desk are:
- Time to do important calls
- Fewer calls = lower costs
- Easier planning when Monday morning peaks stop
The key value drivers for compliance and IT-security are:
- The avoidance of penalties and fines from authorities
- The avoidance of the embarrassments of public data breaches
- The avoidance of business losses from data breaches
Research proves that success is difficult to achieve
Market research from Service Desk Institute (SDI) shows, however, that many companies fight with the business case. They find it difficult to get user acceptance, and then it is only 20-40% of the password calls which are handled by self service). FastPassCorp has, however, many customer cases with very high adoption rates, so password self service success is achievable—when you have the right plan and process!
SDI Report "On Security, GDPR and Self-Service Passwords"
Successful Self service password reset with FastPass
Successful end-user service
The profile of end-users has changed rather dramatically. Modern users bring their own smart devices (like smartphones and iPads) and expect to do their work and use the applications on these devices from anywhere and at any time they want. Additionally, users who use the smart-devices have basic password problems with their corporate systems. They are not notified of the expiration of their password (it only happens for on-domain PC users) and it is not obvious where to make the password change.
The simple solution with FastPass is to email password expiration notification to these users, and in the e-mail offer a link to the FastPass portal, where AD passwords can be changed easily.
Users with portable PCs have a special technical problem when they forgot passwords on a remote location like home, a customer’s site, in hotels, but still need to unlock PC. Even the best service desk can’t reset the password on the PC’s cache. This means that although the service desk can reset the password in Active Directory, the user can’t use his or her mobile PC anyway, as the old password remains in the PC. If this happens, the PC remains unusable until the user returns to the office (on a domain)—even an overseas trip can be wasted!
FastPass has a solution for the remote PC password-cache reset!
Service desk productivity
In fact, 86% of companies with password self service had less than 40% adoption or success rate. This means that in 86% of cases, users call in to the service desks with more than 60% of their password problems! This is the result of poor implementation, either technical or organizational.
Many factors are critical in resolving this issue:
- Proper change management and user education become critical.
- Senior management buy-in and sponsorship is of utmost importance. The CIO might even take the stance that no more password resets at the help desk are accepted! With this type of support, the uptake and utilization of the solution increase tremendously.
- The structure and permission given to the help desk may be inadequate.
- Analysis and design of the solution are important. No one solution will fit all organizations and proper analysis of the real business requirements is crucial. This will make the solution relevant to all stakeholders within an organization.
FastPass customers have often proved that adoption rates beyond 80%—even 85–95%—are achievable with the right solution and a best practice implementation.
Compliance and IT-security
For many years, it has been good practice to have relatively advanced password policies (complexity and length, short expiration, history to prevent repeat passwords, and so on), which prevent the theft of passwords. Passwords have been protected technically by encryption in transport and storage, so much has already been done.
At the same time, there has also been a very strong focus on cost reduction in all IT processes, including the service desk. In most companies, password calls must be handled quickly and efficiently. The result is now that many companies don’t even verify identity in place when a user calls for a password reset. Despite the presence of a lot of technical protection, getting a password to another user’s account is mostly quite easy.
Why a privileged user from the service desk or user administration department will give a password to a “wrong” user:
- No authentication process is defined by management.
- A weak authentication process is easy to bypass.
- The privileged user is busy (it’s Monday morning) and hopes for the best.
- The user on the phone charms or threatens the privileged user.
- The privileged user is corrupt / criminal.
It happens! IDC cites other research from 2016 stating that 63% of data breaches are caused by some sort of password issue. IDC suggests using self service of passwords as the way to become compliant in the password process.
With an IT-workflow and “Best Practices" companies can become compliant and prevent the serious risks associated with the misuse of passwords.
Successful Implementation of Self-Service password reset tool
When the decision to implement password self service has been made, the fundamental question is how to help the project owner achieve their business case? Many will consider this an easy target, but the Service Desk Institute (SDI) found that this is far from the case. Success depends on the realization that users are involved, and password projects are not just a technical button!
The SDI survey identified the following inhibitors to success:
Motivation
We want users to change their habit of calling the service desk. The traditional thinking is to inform the users of benefits to them personally. Another important aspect is, however, to be honest about the expected results for the company: Higher productivity and improved security regarding passwords.
Enrollment
All self service password reset software must rely on an alternative method to authenticate, now that the user has forgotten their password. The alternative authentication must be known only to the user and the IT solution. This means that practically all valid authentication methods need the user to enroll.
Accessibility
Users must be able to do self service from the device they have or prefer to use. Large companies will often have different types of users coming from different types of places with different devices.
Authentication
The most common method for authentication in self service is challenge questions. The problem is that 20–40% of users can’t remember the answers to the questions from a standard list. To achieve a 90% success rate requires the introduction of other methods, such as TOTP solutions like Microsoft Authenticator, and token based like smart-cards for authentication to other systems
Assistance
No matter how well a solution is designed or implemented, now and then users will get into situations where the only course of action is to call the service desk. FastPass’s HelpDesk Client helps the service desk to authenticate the user before giving the user a PIN code to re-enroll. Then when the user has enrolled, they can immediately reset their password through self-service and now will probably be able to serve themselves next time.
Compliance
Compliance is becoming increasingly important, driven by the EU’s General Data Protection Regulation (GDPR) act. This means high and direct costs related to data breaches will hit many organizations in case of non-compliance with standard requirements. Making the process secure means it will take longer than usual. This will soon become known in the organization, and users will try harder to be successful with self service.
See a short introduction video on
Best practices for password self service
RESEARCH PROVES THAT SUCCESS IS DIFFICULT TO ACHIEVE
The Catch-22 problem with corporate password problems is that your device is probably locked when you have a password problem. Even though password calls are the most frequent call type in service desks, then the individual users on average only have a problem once per year! This differentiates self service passwords solutions significantly from other password self service portals. These facts probably explain the discouraging degree of success for the average password projects.
Only 8% of all respondents have reached their business objectives, and 56% were poor or worse according to the SDI research. The conclusion is obviously that a password management project must focus on the users’ behavior to be successful.
Guide to self service of passwords project success
Password reset self service and synchronization with FastPass
FastPass covers the important password manager processes for self service of passwords with a compliant and secure process for the facilitated password reset process in the service desk. The results are high productivity and ease-of-use for all types of corporations.
FastPass covers all types of passwords (Windows / SAP/ Oracle / IBM i, etc.). FastPass supports Active Directory and Azure Active Directory users.
Choose FastPass password reset solution
FastPass for Active Directory
FastPass for Active Directory lets you start with an advanced and automatic platform for Windows Active Directory passwords. You can later add functionality as your requirements increase. Reach 90%+ adoption rate with forced enrolment and rich authentication options.
FastPass covers Active Directory, Multi-AD, Multi-forest AD, Azure AD, Hybrid Azure AD.
FastPass for SAP
SAP password reset tool for Self Service or Synchronize:
- Easy to use self-service portal for all instances
- Supports all SAP variations, and an unlimited number of SAP instances
- Functionality as FastPass Enterprise
- Synchronize AD passwords to SAP passwords
FastPass for Oracle
Oracle reset password portal and synch for end-users:
- Easy to use self-service portal for all systems
- Supports all Oracle variations, and an unlimited number of Oracle systems
- Functionality as FastPass Enterprise
- Synchronize AD passwords to SAP passwords
FastPass for IBM
Password synchronization or password reset for IBM i series, IBM Z and RACF:
- Easy to use self-service portal for all systems
- Supports all Oracle variations, and an unlimited number of Oracle systems
- Functionality as FastPass Enterprise
- Synchronize AD passwords to SAP passwords