Password Self Service: Beyond Mother’s Maiden Name

By Radhakrishnan A, Marketing Analyst, ManageEngine

Today’s business environment is dynamic, highly competitive, and laden with security threats. Events like the hacking of Sony’s corporate network have businesses and their IT departments on their toes. Whenever the term ‘security threat’ pops up, the first and foremost step taken is to ensure the safety of passwords. There is no better way to secure a password than by enforcing stringent password policy rules.

As long as employees have to remember a multitude of complex passwords, they will keep forgetting them. According to Gartner, 20-50 percent of all calls made to the help desk are related to forgotten passwords and account lockouts. Additionally, employees’ productivity is affected because they can’t log on and do work. According to Forrester Research, the average cost of a single password reset done by the help desk is about $70. Obviously, you can’t sacrifice password security to combat the huge volume of password-related help desk calls.

This conundrum demands a solution that ensures the security of passwords while also sparing help desk teams from additional workload. Thus, we now have many self-service password management solutions in the market which allow businesses to manage password-related issues and reduce costs. However, traditional self-service solutions (where end users go to a web portal, answer some challenge questions, and reset their passwords) are not effective in today’s environment. Businesses need a password self-service solution capable of adapting to both current and future business needs.

Factors affecting the effectiveness of password self-service solutions

Key factors that determine the effectiveness of a password self-service solution are user adoption, accessibility, multi-platform support and security.

The effectiveness of a password self-service solution is directly proportional to how many people are using it to solve their own password problems. No matter how powerful a self-service solution is, low user adoption means calls to the help desk will continue unabated.

Another factor is accessibility. A self-service solution that can only be accessed via a desktop or laptop is of no use to mobile users who use smart devices for work. Without easier ways to access it, users will continue to call the support staff for help.

Finally, the most important factor is security. Considering we are dealing with passwords, a self-service solution for password management must have highly secure and foolproof authentication methods to verify users’ identities. Only those users who have proven their identities should be allowed to reset their passwords or unlock their accounts. Additionally, the solution must have measures to tackle common security threats such as bot-based attacks and data theft during transmission.

Modern day recipe for choosing a perfect password self-service solution

Multiple access points

No matter where users are and what devices they are using, it’s imperative for a password self-service solution to be readily available through multiple access points. For example, login agents for different systems and applications, as well as mobile apps, will help. With login agents, users can easily access the self-service portal from the login screen of their Windows or Mac machines and reset their passwords.

A self-service solution should be flexible enough to be integrated with some of the commonly used applications in a business environment like Outlook Web Access and SharePoint for ease of use. Users gain freedom to reset their passwords or unlock their accounts remotely from anywhere at any time with password self-service mobile apps.

Automate user enrollment

In many cases, users are not aware of the need to enroll in password self-service, or are too busy to go through the steps involved. To facilitate enrollment without user intervention, an option to auto-enroll users by importing their enrollment data from a database or a .CSV file is essential.

Multi-platform support and password synchronisation

A password self-service solution should support a wide range of commonly used IT systems and applications, to minimise helpdesk calls.

It should also have the capability to automatically synchronise password changes across users’ various accounts.

Secure multi-factor authentication

Self-service solutions should use more than one authentication technique to verify users’ identities. Asking users to answer relevant questions is a widely used method, but it is less and less reliable as the boundaries between personal and public information become increasingly blurred. Combining the challenge and response verification method with other authentication techniques, such as Google Authenticator, SMS- and email-based one-time passwords, and RSA SecurID, helps raise security levels.
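To make the combination concrete, the following added example (not code from the article or from any ManageEngine product) gates a reset on both a challenge answer and an authenticator-app code computed per RFC 6238, and locks after repeated failures to blunt automated guessing. The `ResetGate` class, its three-failure limit and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib, hmac, struct, time

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret, at, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1, the scheme authenticator apps implement."""
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_answer(answer, salt):
    """Salted, slow hash of the normalised answer; the plain text is never stored."""
    normalised = " ".join(answer.lower().split()).encode()
    return hashlib.pbkdf2_hmac("sha256", normalised, salt, 100_000)

class ResetGate:
    """Hypothetical per-user gate: both factors must pass before a reset."""
    MAX_FAILURES = 3  # assumed limit, not a value from the article

    def __init__(self, salt, answer_hash, totp_secret):
        self.salt, self.answer_hash, self.totp_secret = salt, answer_hash, totp_secret
        self.failures = 0
        self.last_step = -1  # last accepted time step, to reject replayed codes

    def verify(self, answer, code, now=None):
        now = time.time() if now is None else now
        if self.failures >= self.MAX_FAILURES:
            return False  # locked out: recovery goes through another channel
        # Evaluate both factors every time so a caller cannot tell which one failed.
        answer_ok = hmac.compare_digest(hash_answer(answer, self.salt), self.answer_hash)
        matched = None
        step = int(now) // STEP
        for s in (step, step - 1):  # tolerate one step of clock drift
            expected = totp(self.totp_secret, s * STEP).encode()
            if s > self.last_step and hmac.compare_digest(expected, code.encode()):
                matched = s
        if answer_ok and matched is not None:
            self.last_step, self.failures = matched, 0
            return True
        self.failures += 1
        return False
```

A guessed or publicly known answer alone never unlocks the reset here, and a code that has already been accepted is refused if it is presented again within its validity window.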

Reports and audit trail

Keeping track of all user actions is highly important for finding any misuse of the password self-service solution. Reporting on all password self-service actions, sending notifications as soon as users perform password resets or account unlocks, notifying administrators and managers about locked-out users and users whose passwords will soon expire, and other tracking features will help businesses take preventive action before a serious problem occurs.

Empowering end users to manage their passwords on their own can save a lot of money. For that, you need an effective password self-service solution that can adapt to the changing needs of business.
