Why SSPR fails and what to do about it | FastPassCorp
Many self-service password reset solutions (SSPR) have very low user adoption rates, even close to 20 percent. Understanding why this is so is necessary to understand how to improve SSPR solutions and build a great business case for so doing. This blog will help you understand the issues regarding most SSPR implementations and where to look for improvements.
Employees forget passwords or get locked, and this means lost time and productivity for themselves and for the central IT-service desk. The answer is self-service password reset (SSPR) solutions. Many different vendors now offer such solutions, though in some cases these are simply bundled in as part of another solution. SSPR solutions are now available for Microsoft Azure, ServiceNow and other ITSM packages, and many identity management solutions have now integrated SSPR into such packages.
FastPass have noted, however, that many IT managers are concerned that their SSPR solution is not being used as much as expected. One study, conducted by the Service Desk Institute amongst its members, demonstrated that less than 10 percent of organizations with SSPR solutions achieved more than 70 percent usage (measured as percentage of self-service). The large majority attained less than 40 percent success.
A key issue for corporate security is how to defend ourselves against social engineering against the service desk. Hackers might call the service desk and impersonate a real user to get the password. Good hackers are experienced in social engineering techniques and are often able to con the service desk into helping.
FastPass V4 with Identity Verification Manager (IVM) will protect the users, the service desk supporters and the company against such “vishing” (voice-phishing!) attacks.