With the number of people working from home in recent months, it’s fair to say your IT help desk is likely a bit frazzled – especially if your password change process is manual and dependent on your employees being at the office.
For companies that use Active Directory to manage users, a self-service reset solution provides an alternative that can reduce the need for password-related calls to IT support while keeping your employees online and productive.
Alternatives to help desk password resets
You’ve likely calculated the cost of password lockout support. If you haven’t, Forrester Research estimates each password reset costs $70.
Further compounding the problem is how to verify an offsite user when they call in for help, sparking security risks. Even once a user’s identity is verified, complex lockout instructions delivered over the phone can be difficult for users to follow if they don’t have a deep working knowledge of their device.
Plus, password expirations result in local cached credentials gumming up the works. And finally, there are better tasks for your IT resources to focus on, like squashing the phishing email security scams that have bloomed during the COVID-19 outbreak.
There are remote password reset options simple enough even for workers who aren’t tech-savvy. Specops offers a service that lets end users initiate a password reset process from any browser or mobile device. Users can also reset from the Windows logon screen on their company-issued laptop, even if a domain controller can’t be reached. And there is no need for the user to remember both old and new passwords because of local cache issues.
The solution ties into dozens of the leading multi-factor authentication providers and allows users to validate through Google and other third parties such as Duo Security and Okta Verify. This means that administrators can avoid the security challenges involved in using security questions that can be easily guessed during help desk calls.
One feature that can bring peace of mind when managing a remote workforce is geoblocking. Administrators can whitelist IP addresses and block those from locations where nobody from the company travels to or works from.
The enrollment process can be handled by an administrator, using information that already exists in Active Directory, such as a mobile number. Alternatively, users can self-enroll.
When Norden Machinery, a Swedish company that provides tube-filling equipment to manufacturers, began to use the self-service password reset it immediately ended the problem of technicians getting locked out while they were on the job, or the post-vacation lockouts. “It was a quick ROI for us,’’ says Jonas Lind, an IT technician for Norden.
Specops allows remote users to securely reset their Active Directory passwords without calling the helpdesk. Request a trial of the password reset solution, or get started with a free version of the password expiration notification tool.