Password self service could improve security
Password self service could improve security
Dec 13, 2004: According to NetIQ, many Australian enterprises have implemented strong password policies and standards within their organisations to protect data, but deploying a self-service password solution could actually improve security dramatically.
According to Gartner Inc., in the US, password reset and user ID problems represent 15-35 percent of the overall volume of help desk calls, which costs about $US10 to $US31 each.
Password policies at enterprises have included a guide to staff about not displaying their passwords on a sticky note on their PC, but many IT departments have found these policies very difficult to enforce.
Rick Logan, the regional technical manager at NetIQ said: "Ironically, it is the strong passwords that can lower internal security because end users will often write down rapidly changing, complex passwords. Similarly, they are more likely to avoid compliance that involves staying on-hold for long periods to speak with overworked help desk staff.
"There are inherent security flaws of using human intermediary driven processes for password management. How does your organisations establish authenticity for users calling in for resets today?
"How likely are overburdened administrators to conform to corporate guidelines for validating authenticity and how susceptible are your helpdesk personnel to social engineering attacks?"
He added that a password self-service solution saves enormously on costs and also creates a safer computing environment. It also stated that it is far easier to implement than security best practice policies.
"By enabling end users to reset their own passwords and unlock their Windows accounts, businesses free up time for overburdened administrators to concentrate on other valuable operations."
Related Article: