Break Glass in Event of Emergency: Automated Password Reset
For managed service providers (MSPs) and other IT service organizations, changing your clients’ passwords is a time-consuming pain. How painful is it? I’ve seen research that indicates that resetting customers’ passwords is among the most frequent—if not the single most frequent—requests made to the average IT help desk workers.
Clients may want, or need, to reset their passwords for a number of reasons: because an employee is leaving, because their internal password policy dictates a periodic change, or because they simply forgot their password. The demands for password reset can come fast and furious to IT departments and MSPs, so it’s no wonder that many of them choose to use some type of automated password reset system.
Automated Password Reset and Staff Turnover
Let’s take the scenario in which an employee leaves a company. Clearly, this is not an uncommon situation. When an employee leaves a company, he takes with him the multitude of password he used in his former job to access networks, applications, Internet services, certain pieces of equipment, and so on. Many companies don’t think about this, but that’s a lot of risk leaving the building. To protect against the misuse of their passwords when an employee leaves, a company needs to do two things:
- Find out what passwords he or she had access to.
- Expire and change them all.
Maybe it’s the overwhelming amount of work required to complete these tasks that scares companies away from doing them; maybe it’s an unwieldy or unsecure password storage system (a spreadsheet, for example). Whatever the case, the risk is unnecessary now thanks to password management systems that allow for automated password reset. Such a system not only provides a secure, centralized location for storing password information, but, through easy-to-create automated workflows, it allows users to change multiple passwords with a single step.
Finally, you have a panic button for passwords—a single click to discover what passwords a user knows and expire them all at once. When an employee leaves, this functionality is both a huge time saver and a major risk reducer. Certainly, busy IT help desks will appreciate being able to spend more time on other tasks and less time sorting through and resetting the different passwords to which an ex-employee had access.
Other Benefits of a Robust Password Management System
The automated password reset case I described above demonstrates how some of the built-in best practices of a good password management system can be put to use to save MSPs and other IT service providers time and money keeping their customers safe. These best practices include the ability to see who has access to which passwords, the ability to control who has access to password information (based on their role and level of authority), and the ability to easily change passwords when needed.