When your system admins are dealing with multiple tickets related to user lockouts, it takes time and money to resolve the issues.
There are some estimates that put the price of resolving each user lockout at $15. The Gartner Group estimates that one in five help desk calls is a ticket for a password reset.
Password tickets can end up taking over most of what your IT team does, especially when they’re working remotely and your other employees are as well. When you take steps to improve user self-service, then your IT team can focus on the critical work.
There are things you can do within your business to help reduce user lockouts without impacting your security.
Utilize Self-Service Tools
There are a lot of ways that you can help your users find and access what they need without the IT team stepping in. For example, you might have a tool where your users can get answers to common questions or track tickets without having to constantly get in touch with the IT team.
Another great way to improve your self-service tools is by developing a set of articles or videos where users can find information about managing their passwords.
Understand the Limitations of Single Sign-On
Single sign-on is an option, also called SSO. It can be used as part of your core directory or you might integrate it into your productivity suite.
With SSO, there’s a portal where your employees can go to access the core applications they need to do their job. There’s one set of credentials, or you might set it up so they can log onto the applications they need with a default email address.
This is like a password manager in some ways and it’s cutting down on the number of credentials employees need to remember. The hope here is that this is, in turn, reducing password tickets.
With that in mind, a single sign-on provider tends to only offer access to applications and then your employees may still struggle when they need access to other IT resources.
To overcome this challenge, you’ll want to try and make it so that your users only need one password that’s secure for their devices and any other resources needed to do their jobs.
What About Password Managers?
A password manager can be a great option for user experience and to reduce the unnecessary workload placed on your admins. With a password manager, users don’t have to think about creating and remembering secure passwords.
There’s a pseudo streamlined credential, and a lot of password managers will also include multi-factor authentication for more protection without added complexity on the user’s end.
There are still challenges with a password manager to be aware of going in, despite its benefits. For example, password managers can reduce the number of passwords that your users have the potential to forget, but you then have to think about how you’ll deal with offboarding.
Password managers don’t usually work with all IT devices and networks either.
Cataloging User Entry Points
A good thing for every business to do is to catalog all of your employees’ points of entry.
Do an audit to figure out how many sets of credentials your users need to access everything to do their job and all relevant resources. Do they share any credentials, or are all they separate to each individual system?
When you have a greater view of what your resources are, and you have a centralized perspective of access points, you’re better prepared to start to improve user access, especially in the remote work environment that’s so prevalent right now.
During this time, it’s also a good idea to review your account policies.
For example, are your password requirements too strict? Are you requiring password changes too often, or maybe not often enough?
Reduce the Complexity of the Environment
Finally, in many ways, this is integrated into the tips above, but you should aim to reduce environmental complexity if you’d like to also reduce password tickets.
For example, do you have what is often referred to as password islands?
This means some systems might use their own authentication, or only a few systems might sync credentials.
If you can use, once again, a single-sign-on solution that can help.
Now is a good time for all organizations to review and perhaps rethink their password management approach, particularly with so many people working remotely still, more than a year into the pandemic.