What does your Password Reset process cost you?


02-Jul-2018 15:27:00

In my last piece, I talked about Problem Management and how it is often confused with Major Incident management. In fact, while the two are linked, they are very different beasts. However strong your Problem Management, you must be ready for business critical incidents.

The password reset request is probably one of the most common tickets your Service Desk receives and yet end-users probably don't give a second thought to the accumulated costs involved.

It's not just end users who might not be giving the password reset process much thought. Do you know what it is costing your business? Does your Finance Director know?

What does your password reset process cost you?

Designing a password reset process that is secure enough for your organisation but not overly complex can be tricky. To most users, a password reset request seems an insignificant task. In reality, password resets cost organisations time, energy and money while also presenting potential security risks. The most common reason for a password reset is a forgotten password. Each reset task takes up IT Service Desk support resources whilst the user is left locked out and unproductive.

What are the financial costs of poor password management?

In a US-based survey, password management was found to cost $420 per employee per year. In the same survey, almost 40% of users reported having more than 50 password resets in a single year. That is a lot of lost time, money, productivity and end-user satisfaction.

Password policies and data breach risks

In addition, there is the risk of security breaches as a result of poor password reset processes and management. Failing to properly verify a password reset request can lead to fatal cyberattacks. Data security has made headline news far too often. Not only do such breaches present a PR tsunami, but they also carry significant penalties for organisations that have failed to protect the data of EU citizens under the GDPR.

How to minimise password reset requests

So, given the importance of what might seem like a simple request to the end user but is a potential security and financial black hole for those in the know, what can be done to improve your password reset process?

1. Keeping it simple

What is more difficult than remembering a 16-character password with a mix of uppercase and lowercase letters, numbers and special characters? Remembering 20 of them! Workplace users have to remember all of their personal logins as well as their professional account passwords. If you help users minimise the number of passwords they need to remember, you will undoubtedly help reduce password reset requests going forwards. Linking application passwords to Active Directory should result in a demonstrable drop in password resets.

2. Who are you?

Having a good password process and reset tools is a good start, but many users are tempted to pick up the phone and have their password reset immediately. Just as a good self-service password reset tool would have, your Service Desk needs a verification protocol that can be employed on phone reset request tickets.

This consists of security questions that are pre-set when a user joins, so that Service Desk staff can ask a series of questions without learning the full answer to the security question itself. For example, a user might have chosen to answer the question ‘What was your grandfather’s occupation?’. The Service Desk analyst can ask for the first and fourth characters of the answer, key them in and get the verification they need in order to move ahead with the reset.
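One way to implement the partial-answer check described above so that neither the analyst nor the database ever holds the full answer (an added example, not code from this article or from any product; the function names, the server-held `key` and the three-failure lockout are assumptions):

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 3  # assumed lockout threshold: two characters are easy to guess


def _normalise(answer):
    # Ignore case and whitespace so "Coal Miner" and "coalminer" match
    return "".join(answer.lower().split())


def _digest(key, salt, index, char):
    # Keyed digest bound to the position, so digests cannot be swapped around
    msg = salt + index.to_bytes(2, "big") + char.encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).digest()


def enrol(key, answer):
    """At joining time, store one keyed digest per character, not the answer."""
    salt = secrets.token_bytes(16)
    text = _normalise(answer)
    digests = [_digest(key, salt, i, c) for i, c in enumerate(text)]
    return {"salt": salt, "digests": digests, "failures": 0}


def challenge(record, count=2):
    """Pick distinct 1-based character positions for the analyst to ask for."""
    total = len(record["digests"])
    picks = secrets.SystemRandom().sample(range(1, total + 1), min(count, total))
    return sorted(picks)


def verify(key, record, positions, chars):
    """Check the characters the analyst keyed in; lock after repeated failures."""
    if record["failures"] >= MAX_FAILURES:
        return False  # locked: escalate to another verification route
    chars = _normalise(chars)
    total = len(record["digests"])
    ok = len(chars) == len(positions) and all(1 <= p <= total for p in positions)
    if ok:
        for pos, char in zip(positions, chars):
            expected = record["digests"][pos - 1]
            actual = _digest(key, record["salt"], pos - 1, char)
            ok &= hmac.compare_digest(expected, actual)
    record["failures"] = 0 if ok else record["failures"] + 1
    return ok
```

Keep `key` in a secret store separate from the enrolment records: single-character digests are trivially guessable by anyone who holds both the key and the salt.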

3. Self-service password reset tools

Self-service tools can be time and cost savers, but only if they actually get used. Self-service adoption is often overestimated in many areas of IT support and uptake can be underwhelming, if not handled carefully. Unless you employ auto-enrolment (for example by a popup wizard that asks for security question data before a user can access the network), then you will have very low numbers utilising the self-service option. Even with the enrolment in place, you will find that many users still prefer to simply pick up the phone and have a human reset their password for them.

I hope these tips help you and your business going forward, and help you decide what best suits your organisation. All businesses can benefit from a password reset process review on a regular basis to ensure that time, resources and money are maximised and risks minimised.

Pete Canavan

About the author

Pete Canavan

Pete Canavan is Support Services Director at Plan-Net. An accredited ITIL Service Manager, he has a proven track record in IT with special expertise in the Legal & Financial Services industries.

With two decades in the IT field, Pete has acquired extensive experience in business relationship development, service transformation, project and people management, training and client/supplier relations.

Pete's other passions, besides Plan-Net of course, are his family and football.

Email Pete: p.canavan@plan-net.co.uk
