Want to Save Some Money? Automate Password Resets

How many applications do you support? In 1995, IT departments supported an average of 25 per user. Now, that number is somewhere between 100 and 200. The cost of purchasing those apps has long been absorbed, but ongoing support requirements are costly, ubiquitous and cover mundane tasks.

Indeed, the second most costly request to an IT help desk is to reset a password (about $14 to $28 a pop, according to Gartner). Six years ago, about 25% of help desk calls were about passwords, and having a single password and user ID (or single sign-on) for all applications was the Holy Grail.

Today, password resets account for only 19% of help desk calls, but that's still the second highest request after those for more RAM to run popular programs - and single sign-on still hasn't solved the password reset problem.

Nevertheless, improving the password reset function can save IT much-needed money at a time when IT budgets are under siege.

Unfortunately, there have been two culprits holding back change.

The first involves organizational risk management. Kris Brittain, research director at Gartner, says she recently visited a financial services organization that was so concerned about a possible breach of security that it changed the frequency of password resets from every 90 days to every 30 days. In addition, you couldn't choose a previously used password for at least six months. "Calls to the help desk for password resets jumped 50%," Brittain says, and employees routinely used sticky notes on the fronts of their monitors to remember their passwords.

How secure is that?

Clearly, a sane password policy must take into account that many users have a corporate LAN identification and password, passwords for a variety of Unix machines and a database password.

Better to place your risk-management assessment in the context of IT support by determining how much it will cost if, say, a quarter of your employees start calling the help desk to reset their passwords.

The second culprit is the lack of an appropriate technology to maintain password security while giving users the tools to self-select and reset passwords. But several technologies are removing this stumbling block.

For example, Support.com in Redwood City, Calif., has integrated P-Synch password management software into its support automation offering. That's because "it's a quick and compelling return on investment for companies to slash the amount of time a help desk spends resetting passwords," says Gary Zilk, product marketing manager at Support.com.

So, don't hesitate; automate. And don't forget your password. After all, no one minds safe cost savings.

Pimm Fox is Computerworld's West Coast bureau chief. Contact him at pimm_fox@computerworld.com.

Special Report

Security Risk and Reward

Stories in this report:

Related:

Copyright © 2001 IDG Communications, Inc.

Bing’s AI chatbot came to work for me. I had to fire it.
Shop Tech Products at Amazon