The Complexity of Managing User Passwords

by | Oct 8, 2015 | News

Leading businesses are constantly implementing new technologies that help make their companies run more efficiently. One great example of this is the ability for users to perform self-serve password resets; which enables users to reset their passwords without calling IT.

This new technology is deployed to:

  • Reduce the workload on IT
  • Enhance end user satisfaction by enabling self service
  • Increase effectivity by removing barriers to work outside of normal business hours
  • Allow for implementation of harder passwords without the fear of breaking users

As business capabilities progress, IT leaders need to ensure that we have kept up with potentially unintended consequences of new service offerings. Password self-resetting and how companies handle employee exits are perfect examples of this.

Previously some organizations merely changed a user’s password when the user exits the company. While this may be a traditional method of the past, password self-resetting requires that we change this process and ensure that users are disabled. This will ensure that a former employee cannot simply change their password and get back into the network.

ZAG has deployed user-password methods to organizations utilizing technologies such as Microsoft Azure and Quest Software. These solutions have enhanced the user experience by making them more self-sufficient.

Recommendations

There are several key items that should be decided prior to selecting one of these solutions, such as:

  • Should Administrators be able to reset their passwords?
    • We generally don’t recommend this as it is an attack point that criminals may attempt to utilize.
  • If Administrator self-resets are allowed, should they be informed of the change as a backup security function?
  • Is the password tool mobile friendly?
  • What methods of authentication are available?
    • Text
    • Email to an alternate address
    • Security questions
  • How secure is the system being implemented?

Workers today are productive 24×7. Working at this pace drives increasing pressure on IT. Having self-reset password technology and enabling self-serve password resets gives your IT one less thing to worry about. It enables IT to focus on adding value to the business and removes it from keeping the lights on by completing this mundane task.

Related Content