Colin Mc Hugo

0 %
Colin Mc Hugo
Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.
  • Residence:
  • County:
  • Country:
Cyber Security Incident Response
Management & Architecture of Cyber Security Teams
Solutions & Coaching
  • Cyber Security Incident Response
  • Management & Architecture of Cyber Security Teams
  • Solutions
  • Training & Coaching

Reduce End-User Password Change Frustrations

July 23, 2021
Password Change Frustrations

Organizations as we speak should give consideration to their cybersecurity posture, together with insurance policies, procedures, and technical options for cybersecurity challenges.

This typically leads to a larger burden on the IT service desk workers as end-users encounter points associated to safety software program, insurance policies, and password restrictions.

One of the vital frequent areas the place safety could trigger challenges for end-users is password insurance policies and password adjustments. What are these points? How can organizations cut back end-user password change frustration? First, let’s think about the usual password coverage, its function, and common settings affecting end-users.

What are password insurance policies?

Most organizations as we speak have a password coverage in place. So, what’s a password coverage? Password insurance policies outline the kinds and content material of passwords allowed or required of end-users in an identification and entry administration system. Numerous elements of the password that companies management could embody the password’s required size, composition (requiring sure characters), password age, and disallowing the reuse of passwords used earlier than.

Microsoft’s Lively Listing Area Companies is arguably essentially the most prevalent identification and entry administration system servicing on-premises environments as we speak. Lively Listing Password Insurance policies permit companies to manage primary traits of end-user passwords with configurable password settings.

These settings embody:

  • Implement password historical past
  • Most password age
  • Minimal password age
  • Minimal password size
  • Minimal password size audit
  • Password should meet complexity necessities
  • Retailer passwords utilizing reversible encryption
Password Change Frustrations
Configuring Lively Listing Password Coverage

Lively Listing Password Insurance policies are enforced as a part of Microsoft Lively Listing Area Companies Group Coverage. Group Insurance policies can apply to a particular OU in Lively Listing and filtered to use to a specific person, group, or laptop.

How password adjustments trigger frustration for end-users

Whereas password insurance policies are considerably essential to the general cybersecurity posture of your group, they will definitely result in an elevated burden on the IT service desk. The service desk fields the majority of points with password adjustments and account lockouts. Usually, frustration outcomes when end-users change their passwords because of password coverage enforcement.

Many organizations select to implement password insurance policies that outline password ageing as a part of coverage enforcement. Password ageing requires end-users to vary passwords when the password’s age reaches the times configured within the coverage.

Finish-users who’re required to vary their passwords could mistype their password throughout the password change. It may well result in the account turning into locked out once they try to enter the password they “assume” is right. Additionally, end-users can encounter challenges merely setting their password. They might not totally perceive the password coverage necessities.

This finally results in workers who can’t log in; which means they’re unable to be productive. Along with being an costly drawback for that division (misplaced work); it additionally impacts the service desk.

Password Change Frustration – Expensive for your online business

Out of all the problems that service desk brokers triage, the end-user password change may be among the many most time-consuming and expensive to the enterprise. Based on the Gartner Group, between 20% to 50% of all service desk calls are for password resets, whereas Forrester Research states that the typical assist desk labor value for a single password reset is about $70.

Except for the labor value concerned with the service desk, enterprise continuity may be affected if a key person is locked out of their account or is experiencing software points as a result of a modified password.

This example can quantity to much less tangible prices related to a password change. Moreover, if end-users are affected by a password change, this will trickle all the way down to clients.

Scale back end-user password change frustration

Companies can’t merely ignore safety greatest practices merely for the comfort of end-users, irrespective of the seniority of the person calling the service desk. Nevertheless, there are instruments that may assist cut back end-user password change frustration attributable to a scarcity of clear messaging on why the password is being rejected.

Except for offering a way more strong answer than the simplistic Lively Listing Password Coverage settings discovered natively in ADDS, Specops Password Policy is one software that may present this skill to cut back end-user password change frustration.

It contains the next two elements that work collectively to offer a lot larger transparency to the end-user of password necessities and upcoming password adjustments required. These embody:

  • Consumer message configuration
  • Specops Authentication Consumer

In Specops Password Coverage, IT admins can configure the Consumer message to customise person suggestions on failed password change makes an attempt. Specops Password Coverage may be configured to offer dynamic suggestions to end-users, utilizing the next settings:

  • Present all guidelines
  • Present solely failed guidelines
  • Present solely customized messages
Password Change Frustrations
Configuring the Consumer message in Specops Password Coverage

The Specops Authentication Consumer software works with the above-configured setting to permit Specops to show the password coverage guidelines when a person fails to fulfill the coverage standards when altering their password. The Consumer will even notify customers when their passwords are about to run out.

The usual “change a password” display screen in Home windows generally is a actual supply of end-user frustration. With no steerage on a password coverage, earlier password historical past, or dictionaries, a person typically resorts to the service desk for assist.

Password Change Frustrations
The usual Home windows password change person expertise

When customers have visibility into the precise motive why the password they’re making an attempt to vary to is failing, this may help the end-user higher perceive the password coverage necessities and align the passwords they use with the company coverage. Specops Password Coverage has lately applied dynamic suggestions at password change.

Password Change Frustrations
Dynamic suggestions at password change for Specops Password Coverage end-users

This functionality additionally helps alleviate the burden on the IT service desk when end-users can higher perceive what’s required of their company password. A greater understanding of the principles reduces not solely end-user frustration but in addition minimizes pricey calls to the IT service desk.

Remaining Ideas

Password safety and insurance policies are required to keep up an efficient cybersecurity posture for organizations as we speak. Nevertheless, password insurance policies and compelled account password adjustments can create an additional burden on the IT service desk, as service desk brokers triage and troubleshoot account password points within the setting. Lowering end-user password change frustration may be facilitated by efficient dynamic suggestions out of your password coverage supply.

Natively, Home windows shows very obscure messaging associated to why a specific password shouldn’t be allowed by a password coverage. Specops Password Coverage fixes this hole by enabling organizations to implement customizable dynamic suggestions to the end-user.

For instance, once they try to set a password that doesn’t meet all the necessities configured within the password coverage, it gives a lot larger element into why the password set operation failed if it isn’t profitable.

Learn more about Specops Password Policy right here.

Posted in SecurityTags:
Write a comment