[SECURITY | 4 MIN READ] MSPs can save time and gain productivity with an automated, self-service password reset tool for their customers.
It happens all the time—an employee forgets their password. Maybe they just got back from vacation, or maybe they just changed it yesterday but can’t remember what it is now. It’s no surprise an employee might forget their login information, since many businesses rely on multiple tools like email, G-Suite, Active Directory, OneDrive, SharePoint, and various other platforms that require a password for access.
Missing or forgotten passwords may seem like a minor business inconvenience. But when you multiply the effect of missing passwords over multiple employees, the impact on productivity quickly adds up. At the same time, when managed services providers (MSPs) are tasked with resetting customer passwords, managing many password requests can take over a day’s schedule and prevent MSPs from working on more significant tasks. It’s critical to have a streamlined solution in place so that employees can quickly reset their own passwords without requiring manual intervention every time a worker is having a forgetful day.
What is self-service password reset?
Self-service password reset is the tech-enabled process by which a user can create a new functioning password, without requiring human intervention. Password reset for MSPs shouldn’t require manual effort or rely on the MSP accessing a database of saved passwords.
Instead, self-service password security is all about the user generating a new password through an automated platform, usually a password manager app. Typically when a self-service password reset tool is used, it’s simply because a user has forgotten their password—generally for a program that they don’t use often. In other cases, however, the system may require them to create a new password. A self-service reset tool could even come in handy if a user accidentally types their password incorrectly too many times, triggering an automatic lockdown. Whatever the reason, having to contact an MSP to make the changes may take too long for the employee, and it often slows down the MSP’s schedule.
With a self-service password reset, the staff member will need to be able to positively establish their identity. For instance, they may need to answer a series of questions they established when first creating their password. That could include questions about their first pet’s name, the street they grew up on, their high school mascot, or other common personalized questions. Alternatively, the reset function could require multifactor authentication (MFA). Another recent technology that is now more commonly being used for identification is biometric authentication, which allows a user to use their fingerprint to prove their identity through their smartphone.
Because automated reset requires at least one of these measures, self-service password security can actually be more secure than the former call-an-IT-guy method. These measures can potentially reduce the risk of phishing or identity theft, since there are automated protections in place between the person requesting the password and the new password. Self-service password resets aren’t just convenient—they can actually offer improved security by putting control in the user’s hands.
What are self-service password best practices?
Self-service password reset is a good bet for company security. It’s also a smart choice for productivity, both for busy staff who don’t want to wait to access their needed files and for MSPs who have better things to do than field a dozen daily password requests. When configuring a self-service password reset process, it’s important to remember to follow some of the following general password best practices. These might not all be relevant to your password system, but it’s important to keep in mind the many dimensions of good password security:
- Require strong passwords. It’s always good to stay up-to-date on current best practices around password strength—strings of uppercase and lowercase letters interspersed with numbers and symbols are generally a good bet.
- Avoid storing system passwords in a database. Ideally, there’s no reason for MSPs to have access to passwords or for passwords to be housed somewhere that hackers might gain access to—that control should stay with end users.
- Require four challenging security questions. Security questions are an effective, individualized way to authenticate employees, as long as the questions are “hard” enough and the system doesn’t allow repeated answers.
- Use biometrics. With smartphones, biometric touch technology has advanced to the point where the touch of a user’s unique fingerprint can serve as a highly secure method of authentication for reconfiguring a password.
- Lock users out after three failed attempts. Failed attempts should automatically trigger a reset. If the reset is unsuccessful (i.e., if the user doesn’t know the answers to their security questions), then it may be time for the MSP to help them out individually.
- Configure automatic logout due to inactivity. Users shouldn’t be left vulnerable if they leave their workstation.
Minimizing password reset tickets with Passportal Blink
Built for MSPs by MSPs, SolarWinds® Passportal + Documentation Manager offers efficient password management, so MSPs can provide top-notch security to their clients with ease.
MSPs already using SolarWinds Passportal can easily implement the Blink feature, a self-service password reset integration that enables users to reset Microsoft login passwords with a turnaround time of under a minute. Blink makes it easy for users to perform automated Windows, Azure AD, Office 365, and Active Directory password reset.
This Passportal add-on offers a streamlined password reset, relying on finger-scan Touch ID through the SolarWinds Passportal Blink Mobile App. If a user’s Microsoft account is inaccessible, it’s easy for the user to request a new password through their smartphone, confirm their identity with their fingerprint, and receive a new password in less than a minute. Once they log in with the provided password, they are then prompted to create a new personal password. For MSPs looking to speed up password reset, this is a quick, secure, useful option.
SolarWinds® adds Passportal suite to its MSP product portfolio. MSP security, simplified. SolarWinds® Passportal + Documentation Manager is a SOC 2 certified, RAPID 7 tested, award winning platform.
Grow your business faster with the world's first unified platform for true password management and secure IT documentation. More than 2,000 best-in-class MSPs around the world are leveraging our security, automation, and rapid access client knowledge to out preform the competition.