Why You Should Stop Doing Password Resets TODAY!

OK, let’s recognize it: passwords suck.  Password resets and account lockouts are what make passwords suck.  For IT teams, passwords are a never-ending pain point.  Between security risks, inefficiencies, and confusion, it is time to consider other options for passwords and password resets.  Stick around and read on for what you and your organization can and should consider for your password procedures.

The Problem with Password Resets

  1. Expensive

    Did you know that password resets cost on average $70 per occurrence?  Now, think about that in relation to the number of password tickets your organization gets every day.  It gets expensive when password requests typically account for 50% of helpdesk tasks.  Add these costs up annually and they become staggering.

  2. Inefficient

    Password resets pull service desk employees away from outages, repairs, and developmental projects.  Instead of enhancing security, your employees are reacting to a legacy policy and practice – over and over.

  3. Insecure

    Weak, reused passwords are a common vulnerability.  Even if a password is reset, users will usually reuse an old one or just add special characters to the end of it.  Even worse, phishing and social engineering attempts have been targeting help desks: the caller impersonates an end user who “needs their password reset” but in actuality isn’t the end user on the other end of the phone.

The Solution: Passwordless Authentication with Entra ID

With Entra ID, you can implement easy, user-friendly ways to remove passwords for your users and secure their login experience.

  • FIDO2 Security Keys:

    Enable your users to sign into their workstations and cloud apps using a convenient hardware key.

  • Microsoft Authenticator App:

    The Microsoft Authenticator mobile app is used by end users to approve sign-ins with a number matching challenge.

  • Windows Hello for Business:

    Use biometric authentication on Windows devices to validate your users’ identity on each sign-in, making sign-ins quick and easy for users.

 

Self Service Password Reset

If you’re not ready to go fully passwordless, Entra ID supports Self-Service Password Reset (SSPR). Users can reset their passwords without contacting IT, reducing support tickets while maintaining security controls.

Conditional Access Policies

Entra ID allows us to enforce security policies on cloud apps and user actions.  For example, if we wanted to only allow users to update security info from a trusted network, we would configure a Conditional Access policy that targets the security info registration user action and blocks it from any location that is not trusted.
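
One way to express the policy described above with the Microsoft Graph PowerShell SDK. This is an added example, not the author's own configuration: the display name is a placeholder, trusted named locations are assumed to already exist in the tenant, and the policy starts in report-only mode.

```powershell
# Added example: block security info registration from untrusted locations.
# Assumptions: the Microsoft.Graph.Identity.SignIns module is installed and
# at least one named location in the tenant is marked as trusted.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'

$policy = @{
    # Placeholder name, not taken from the article
    displayName   = 'EXAMPLE - Register security info from trusted locations only'
    # Report-only first; switch to 'enabled' after reviewing the sign-in logs
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        users        = @{
            includeUsers = @('All')
            # Add excludeUsers = @('<emergency-access-account-object-id>')
            # so break-glass accounts cannot be locked out of registration.
        }
        applications = @{
            # The "Register security information" user action
            includeUserActions = @('urn:user:registersecurityinfo')
        }
        locations    = @{
            # Every location except those marked trusted
            includeLocations = @('All')
            excludeLocations = @('AllTrusted')
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}

# Inspect the request body before sending it
$policy | ConvertTo-Json -Depth 6

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```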

Benefits of Moving Away from Password Resets

  1. Improved Security

    By enforcing SSPR and having your users registered, you can comfortably take away your helpdesk’s ability to perform password resets.  For those that call in for a password reset, the helpdesk agent can walk them through the reset process using SSPR, using only the reset methods that the user has registered.  This will help prevent bad actors from obtaining password resets and also educate your end users on how to use the self-service tool in the future.

  2. Enhanced Productivity

    When users are able to self-remediate, they can typically get it done much more quickly than by waiting for a call back from a help desk representative.  This will also allow your IT team to focus on enhancing the security of your environment and be more proactive than reactive.

  3. Better User Experience

    When users can fix things themselves, they feel enabled and feel in control.  Typically end users will see a self-service tool like this as something that can resolve their issues much quicker and will feel driven to use it when available.

 

How to Get Started

  1. Assess Your Environment

    Does your environment support Self-Service Password Reset?  Are you licensed appropriately?  What if someone resets their password and their computer isn’t on the VPN?  If you need help with these questions, be sure to schedule a time for a consultation.

  2. Enable Passwordless Authentication

    Leverage passwordless opportunities where possible.  If it isn’t possible to use passwordless, enable your users to self-service their password resets and give your service desk people a break.

  3. Educate Users

    Use these deployment materials to communicate the changes in your environment or to communicate that these features are available:  Download Self-service password reset rollout materials from Official Microsoft Download Center

  4. Monitor and Optimize

    Utilize the Usage and Insights blade in Entra ID to showcase how many users are registered for SSPR, what methods are available, etc.

Conclusion

Organizations worldwide are shifting to passwordless solutions not just to save costs, but to embrace a more secure, modern approach to identity management. Microsoft Entra ID offers everything you need to lead this transformation.

Stop wasting time, money, and resources on password resets. Make the switch to passwordless authentication with Entra ID today—and step into a future where security and simplicity go hand in hand.
