The Lockdown

Thycotic’s Cyber Security Blog

Automating End-User Password Resets for Security and Fewer Headaches

Written by Thycotic Team

September 22nd, 2015

I hear about passwords across all forms of media. Admittedly, I get frustrated trying to come up with a different password to log into my work computer every three months. I have a favorite meme that asks the end user for an uppercase letter, a symbol, and the blood of a virgin. Most people are not very knowledgeable about password security and often daisy chain (use the same password on multiple accounts), since many of the accounts they encounter have the same complexity requirements. As more organizations understand the risks of bad password management, password policies are created with an emphasis on increasing complexity and rotation. Passwords are getting more complex and must be changed more frequently to keep organizations secure, but what about when the user forgets their complex password? Gartner estimates that a single help desk call costs $31. For an organization of 2,000 employees, that’s roughly $390,000 per year.

Bear with me while I walk through a pretty typical scenario:

Your help desk receives a call from Sarah, the VP on the 4th floor. Frantic, she is at a meeting and desperately needs her presentation. It’s Monday and she has forgotten the password to log in to her laptop. She recounts that she was forced to change it on Friday. So let’s take a step back from the seemingly urgent problem at hand (the forgotten password) and examine the big picture. Social engineering attacks play on human emotion to get the information needed to compromise security on a targeted network. How is the help desk able to differentiate between someone who needs help resetting a forgotten password and a social engineering threat?

Most organizations don’t have a secure policy in place for end-user password resets. Often, resets are done through a call to the help desk, and commonly accessible information (name, employee ID, desk number) is used to “identify” employees. A help desk technician typically has access to Active Directory Users and Computers (ADUC) and is given permissions that allow them to reset accounts they should realistically not have access to. What solutions exist to solve this problem? Implementing an end-user password reset tool will automate the process through self-service. Security policies can be created to ensure consistent processes for identifying end users, including two-factor authentication through a one-time PIN code delivered via text message, email, or phone. Should a call still come through the help desk, that same policy will audit and limit technicians’ access to reset accounts.
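To make the paragraph above concrete, here is an added Python model of the two reset paths it describes: a self-service path gated by a one-time PIN sent out of band, and a help desk path that is scoped away from privileged accounts and audited either way. This is example code written for this post, not Thycotic's product or its API. The `deliver` and `set_password` callbacks are hypothetical hooks standing in for the SMS/email channel and the directory write, and the group names in `PRIVILEGED_GROUPS` are assumed for illustration.

```python
"""Self-service password reset gated by an out-of-band one-time code.

Added example, not Thycotic's product code. The delivery callback and the
directory write callback are hypothetical hooks standing in for SMS/email
delivery and an Active Directory password set.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

OTP_DIGITS = 6            # length of the one-time PIN sent to the user
OTP_TTL_SECONDS = 300     # a code is valid for five minutes
MAX_ATTEMPTS = 3          # wrong guesses allowed before the request is voided
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins"}  # assumed group names


@dataclass
class PendingReset:
    code_hash: bytes
    expires_at: float
    attempts_left: int = MAX_ATTEMPTS


class PasswordResetService:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}                   # username -> PendingReset
        self._key = secrets.token_bytes(32)  # keyed hash so stored codes are never plaintext
        self.audit_log = []                  # every decision, allowed or denied, is recorded

    def _audit(self, event, username, detail=""):
        self.audit_log.append((self._clock(), event, username, detail))

    def _code_hash(self, username, code):
        msg = f"{username}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def request_code(self, username, deliver):
        """Issue a fresh random code and hand it to the out-of-band channel."""
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[username] = PendingReset(
            self._code_hash(username, code), self._clock() + OTP_TTL_SECONDS)
        deliver(username, code)  # hypothetical SMS/email/voice hook
        self._audit("code_issued", username)

    def verify_and_reset(self, username, code, new_password, set_password):
        """Reset only if the code is pending, unexpired, correct, and not brute-forced."""
        pending = self._pending.get(username)
        if pending is None:
            self._audit("reset_denied", username, "no pending request")
            return False
        if self._clock() > pending.expires_at:
            del self._pending[username]
            self._audit("reset_denied", username, "code expired")
            return False
        if not hmac.compare_digest(pending.code_hash, self._code_hash(username, code)):
            pending.attempts_left -= 1
            if pending.attempts_left <= 0:
                del self._pending[username]
                self._audit("reset_denied", username, "attempt limit reached")
            else:
                self._audit("code_rejected", username, f"{pending.attempts_left} attempts left")
            return False
        del self._pending[username]           # single use: a replayed code is refused
        set_password(username, new_password)  # hypothetical directory write
        self._audit("password_reset", username, "self-service")
        return True

    def technician_reset(self, technician, target, target_groups, new_password, set_password):
        """Help desk path: limited to unprivileged accounts and always audited."""
        if PRIVILEGED_GROUPS & set(target_groups):
            self._audit("reset_denied", target, f"{technician} not permitted for privileged account")
            return False
        set_password(target, new_password)
        self._audit("password_reset", target, f"help desk by {technician}")
        return True


if __name__ == "__main__":
    # Constructed walk-through of the scenario in the post.
    svc = PasswordResetService()
    sent, directory = {}, {}
    svc.request_code("sarah", lambda user, code: sent.__setitem__(user, code))
    print("reset ok:", svc.verify_and_reset("sarah", sent["sarah"], "new-pass", directory.__setitem__))
    print("replay ok:", svc.verify_and_reset("sarah", sent["sarah"], "again", directory.__setitem__))
    for entry in svc.audit_log:
        print(entry)
```

The design choices are the ones the policy in the paragraph implies: the code is random rather than derived from anything the caller could know, it is stored only as a keyed hash, it expires, it is single use, and a handful of wrong guesses voids it. The technician path does not bypass any of that; it simply refuses privileged targets and writes the same audit trail, so a review of `audit_log` shows who reset what and by which path.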

Stop wasting time doing password resets for employees. By automating password resets through self-service apps, corporations may ensure a consistent and secure process. To reduce social engineering exposure, educate employees on IT and password security and implement a self-service password reset tool.

Want to learn more about automating end-user password resets for better efficiency and fewer headaches?  Watch our on-demand webinar in which KuppingerCole Senior Analyst Amar Singh and Thycotic CEO Jonathan Cogley talk about essentials for the digital transformation of your enterprise: Managing your end user identities and offering end users self-service password reset abilities to increase help desk efficiency without compromising security.

For another excellent password security resource, download our free password policy template, which can be customized to suit your organization’s requirements.

