By Dean Wiech
Password protection is increasingly topical as of late, with scandals such as the Hawaii Emergency Management Agency accidentally leaking a password on television that was written on a Post-It note capturing increased attention. This was one of the higher profile cases however—with 18 years in the Identity Governance and Administration (IGA) industry, we see this kind of data breach day after day in organizations of all sizes.
Companies think they have mastered password management by enforcing extremely complex password combinations. In reality, these passwords are too difficult to memorize and often end up on post it notes. Thus the system fails and your data is at risk.
Aside from security, efficiency is another key factor to consider. How much time and resources does your helpdesk spend resetting passwords? In addition, how much potentially productive time do users spend waiting on passwords to be reset to regain access?
Some large or multi-national organizations have employees based in numerous locations, and yet often their helpdesks are located only at the HQ. Some organizations also have employees who need access to systems and applications outside the operational hours of the helpdesk. Take, for example, a school whose students need to access an application after hours to complete their homework. If they need to reset their password after school then they are unable to contact the helpdesk. Consider also banks and hospitals, which may have patients or customers wanting to access sensitive data at off-peak times.
So, I have highlighted the problem… but what is the solution? From our experience, optimal and affordable password protection can be achieved by implementing self-service password reset coupled with two-factor authentication (2FA).
A self-service password tool allows users to reset their own passwords 24/7 by answering a number of pre-defined challenge questions. You can also incorporate 2FA when protecting more sensitive data. This is an extra step ensuring the identity of the user via a biometric or token authentication. This is most often done by sending a PIN via email or SMS.
So who wins? Helpdesks are overwhelmed by mundane and repetitive tasks that no longer need to be manual; automation is the simple solution. By implementing automated solutions such as self-service password reset, organizations can save a lot of time managing this process. By reducing the resources spent on manual tasks, organizations can focus on more pressing technology matters.
What about the user? For them, it’s never having to contact the helpdesk with another “I forgot my password again.” It means they are always connected, always productive—never having to rely on someone else, or worse, wait for helpdesk hours, to reset their password. They simply click “Forgot my Password,” answer the pre-defined security questions they chose, or the questions that were assigned to them when they were auto enrolled.
Finally, what about the organization? With the increasing saturation of the access management industry, prices have been driven down hugely making these solutions feasible for not only enterprise level organizations, but also SME’s and startups. The price you pay for password protection typically balances out within the first year when you consider the resources the helpdesk saves and the mitigation of a breach threat. After that, automation should save you money with the added benefit of reducing human error.
Dean Wiech is the Managing Director of Tools4Ever.
- The Best Identity Governance Tools and Vendors in 2023 - December 31, 2022
- The Best Privileged Access Management Providers for 2023 - November 1, 2022
- The 10 Best Free and Open-Source Identity Management Tools - October 15, 2022