Are your corporate accounts secure?
Probably not! Even when your organization has a strong password policy, with 10-character passwords of mixed character types that change every 3 months, you still risk someone successfully obtaining a password to your account!
According to a survey by the Service Desk International (SDI), 35% of organizations have no process for authenticating users who request a password reset at the service desk! For the remaining 65%, the authentication can in many situations be too limited to prevent a direct attack on an account.
We find it very surprising that the manual password reset process is unmanaged at a time when IT security investments in general are very high. We have, however, often met CIOs who admit that a person determined to get the password for another person's account can probably get through, even if the service desk attempts a personal authentication.
For the 65% of organizations with authentication, it is often based on information available in the IT system, such as your employee number, the name of your boss, or your present address. Although the majority of people will not be able to answer these questions correctly, a user with a purpose can still get this information in advance!
If you want a compliant password reset process that covers both self-service and assisted password reset, feel free to contact us to learn more about FastPass Password Compliance Management.