By Torben Andersen, Chief Commercial Officer, SMS PASSCODE
It is summer, surf is up and most of us already have or are planning to take some time off to relax and reload our batteries.
Now I don’t want to spoil your vacation or cause unnecessary stress, but have you thought about what happens when your employees return from summer vacation and cannot remember their passwords?
Statistics suggest that as much as 20-50% of all help desk calls are related to password problems, and the scenario with forgotten passwords after a vacation is classic and a real pain to many IT departments year after year. When I attended Infosecurity Europe in London back in May I had the pleasure of speaking with many IT professionals visiting our booth. During these conversations, it quickly became clear to me that passwords are a real curse for IT managers. Main concern of course is the fact that passwords today offer no real protection as a means of authentication, but the security aspect aside, forgotten passwords typically requires the IT department’s involvement to get the users back online, and the IT managers I spoke with dreaded the spikes in help desk calls they receive around the holiday periods.
However, it doesn’t have to be that way. SMS PASSCODE’s Password Reset Module takes this pain away by enabling users to easily reset their own Active Directory passwords in a secure way.
How does it work?
So how does our Password Reset Module work? Well to illustrate a situation where a user forgets his/her password and is locked out, we made this short video. Take a look.
As you can see from the video the process of resetting the password is easy, intuitive, and the user is quickly back online. However the latest release of Password Reset Module also features the possibility of alerting users when their password is about to expire.
By coincidence my own password was up for renewal yesterday, so thought I would write this blog to share the experience from a user point of view and to highlight how the notification process around password renewals actively helps avoid user lockout situations in the first place.
First I received a text message saying “Your password will expire in 3 days. You can set a new password here” and then had a link to the self-service site. Not only was this message timely (informed me BEFORE my password expired), but it also allowed me to take action and reset the password by clicking the URL.
I clicked the link in the message and was forwarded to the SMS PASSCODE Self-Service website, where I was guided through the process step-by-step. I completed the process directly from my iPhone. No need to open up a browser on my laptop or to pinch to zoom in on the screen of my mobile phone.
In terms of security the Password Reset Module can be configured to look at my location and then determine the level of authentication needed before I can reset my password. In my particular case the solution identified that I was in a trusted location (inside the office building) and I was prompted to enter a One-Time-Passcode (OTP) that was sent to my mobile phone.
This was a an interesting step as the flash SMS with the OTP popped up on top of the self-service site requiring me to remember the code after hitting OK on my screen. Luckily SMS PASSCODE’s memoPasscodesTM feature means all our codes are easy to remember, and I had no problems during this step.
The entire process of setting a new password took me less than 3 minutes.
I hope this post describes just how convenient a password reset process can be, and how it can empower your users to get back online without having to contact the IT department.
It is easy to use and requires no software to be deployed on the users’ phones. More importantly, it can help you avoid that nasty tidal wave of inbound phone calls and emails from frustrated users who have forgotten their password after their summer vacation.
Have a good summer everyone.