A Successful Self-Service Password Reset (SSPR) Project Requires User Adoption
IT help desks everywhere are having to adjust to the ‘new normal’ of supporting mainly remote workers. This is a major shift away from visiting desks across the office and helping ones with traditional IT support processes.
Many reasons end-users may contact the helpdesk. However, password related issues are arguably the most common.
Since the onset of the global pandemic that began earlier this year, help desks are now dealing with password resets of users who are working remotely. Servicing users who are working remotely and assisting with password resets can be cumbersome and expose organizations to potential security risks.
Self-service password reset (SSPR) solutions can significantly assist in providing the tools that remote workers need to service their accounts.
However, there can be challenges with enrollment and other issues. Let’s take a look at SSPR and see how businesses can manage enrollment compliance.
What is Self-Service Password Reset (SSPR)?
To offset the burden on your helpdesk staff with password resets, implementing a self-service password reset (SSPR) solution allows empowering your end-users to have the ability to perform tasks related to the servicing of their accounts, including password resets, on their own. They can do this without the need for helpdesk assistance.
How do SSPR solutions work for resetting passwords for end-users? Using various forms of alternative identification methods, an end-user can validate their identity in such a way that allows the SSPR solution to perform password resets or account unlocks on their behalf.
What types of alternative identification can be used? The following are just a few:
- Security questions
- Receiving an email
- Hardware token
- Text message
- Authenticator app
Why are SSPR Solutions Important Now?
With the current “new normal” brought about by the COVID-19 global pandemic, helpdesk teams may be stretched thin to keep issues triaged for remote workers struggling with poor connectivity, BYOD problems, or other problems related to working from home.
Adding password resets, account lockouts, and other account-related activities on top of triaging other remote work issues can lead to overworked helpdesks and lack the time and personnel needed to resolve the day-to-day problems the environment.
Provisioning and using a self-service password reset solution, especially now, can help to ease the burden of helpdesk teams and free them up to give needed attention to other issues that remote workers may be facing. Additionally, password resets actually cost your business money.
According to Gartner Group, between 20%-50% of the help desk calls are related to password resets. Another study from Forrester Research estimates that the help desk labor cost for a single password reset is about $70.
When you think about how these costs add up each day, each week, and each month, it is not insignificant.
Another important reason for considering an SSPR solution is security. Attackers are looking to use any angle possible to compromise environments, especially since the pandemic and the shift to remote work. This includes using social engineering and other techniques to compromise accounts.
When triaging remote worker password issues, this is typically carried out over the phone with the end-user. For even medium-sized companies, helpdesk technicians may not know all end-users well or even at all. It becomes much easier for an attacker to use social engineering on a helpdesk technician to compromise an account.
Also, with social media accounts and other readily available information that can be found on the Internet, attackers can often harvest enough information to get past many of the simple questions that may be asked of an end-user when they call in and are asked to verify their identity.
Today’s SSPR solutions can arrange for a whole series of very secure methods of verifying identity. These include sending text messages to approved phone numbers, one-time passwords, and other forms of identification that are much more difficult for an attacker to spoof.
SSPR solutions are highly effective in minimizing the amount of password resets that helpdesk technicians have to triage daily from remote employees and empower end-users. However, one of the primary challenges of using an SSPR solution in your environment is achieving 100% compliance with employees.
In other words, getting end users to complete their enrollment in the system may be a challenge. Without completing enrollment in your SSPR solution, users are still reliant on the helpdesk for any issues that may arise with their password or user account. In turn, this defeats the purpose of the SSPR solution entirely.
Why Users May Not Enroll
As mentioned, it can be a challenge to get your end-users to enroll in your SSPR solution. Why might this be the case? Many organizations may leave the enrollment in the SSPR solution up the end-user. This means the user has to take the time to complete the enrollment process. While this can allow for the end user’s flexibility to enroll, it can lead to less than 100% adoption.
End-users may not complete the enrollment process for several reasons. These may include a perceived inconvenience related to enrolling or the assumption they will never need the functionality provided to reset their passwords using the self-service process.
Users may have previous experience with SSPR solutions that were cumbersome or difficult to complete the enrollment process. This may lead to reservations about completing the enrollment process using a new solution. Whatever the case may be, it leads to a less than desirable result of no perceived benefit to helpdesk operations. The majority of users still require assistance to reset passwords and unlock accounts.
Using Mandatory Enrollment for SSPR Compliance
For a self-service password reset solution in your environment to truly be successful across the board, you need to have 100% compliance from an enrollment standpoint. As discussed, this leads to many benefits for helpdesk teams, end users, as well as bolsters security for your organization.
When choosing an SSPR solution, look for a platform that allows your organization to have several key features and capabilities. These should include the following:
- Pre-enrollment capabilities – Look for an SSPR solution that allows IT administrators to “pre-enroll” users into the system. In this way, much of the heavy lifting is already performed for the end-user.
- Enrollment reminders – These provide varying levels of “encouragement” for enrollment. Enrollment reminders can include email, SMS, system tray “bubble tips” to help the end-user remember to enroll all the way to making enrollment mandatory after a certain number of days.
- Solid, easy enrollment process – Choose a solution that provides an easy to complete workflow for end-users to complete enrollment. This will help encourage adoption.
- Ability to integrate with Active Directory – Using an SSPR solution that integrates with Microsoft Active Directory, which is already found in many enterprise environments, allows standardizing and uniformly applying policies for password reset and reminder settings to end-users.
Self-service password reset solutions are a powerful tool for organizations supporting remote workers during the current global pandemic. However, there can be challenges with achieving enrollment compliance from end-users.
By strongly encouraging and even making SSPR enrollment mandatory, your organization can achieve a 100% compliance rate from your end-users. This will help to alleviate the pains that remote end-user experience with password resets and account lockouts.
Additionally, choosing a self-service password reset solution with the right tools can lower the costs of password management for your organization by reducing the helpdesk workload.