2FA Password Reset: What Is It & How Can It Help Control IBM i Help Desk Costs?
Security is top of mind in today’s IT shops. Increased security needs mean that users get locked out of their IBM i accounts more often than they used to and need their passwords reset more often. Frequent password lockouts create increased costs for manually servicing help desk tickets related to password resets.
Many vendors are now providing IBM i password reset products such as iSecurity Password Reset, that allow users to automatically reset their own IBM i passwords without having to contact your Help Desk. These products allow users to change their passwords using the following process.
- The user requests a password change
- Your IBM i system robustly identifies the user’s identity through an identification method, such as Two-Factor Authentication
- The system provides a temporary password that the user can sign on with
- The system requires the user to change their password after signing on
Two-Factor Authentication (2FA) is the heart of an automated password reset system. It’s a great way to increase your IBM i security, while reducing the high cost of having Help Desk personnel manually reset passwords.
How does 2FA work?
To prevent fraud or phishing, 2FA robustly identifies the user by using any two out of the following three identification methods.
- Something the user knows – Asking questions only the user should be able to answer
- Something the user possesses – Verifying this is the correct user by asking for information that was sent to a cell phone, iPad, or an email address associated with the user
- Something that is inseparable from the user – Identification using something the user can’t be separated from (ex., fingerprints or retinal scan)
While a hacker could know information such as where you were born or your mother’s maiden name, they are unlikely to be in possession of your cell phone or email address, and they certainly shouldn’t have your retina pattern or fingerprints. The user must pass two out of three authentication methods before they’ll be allowed to sign on and reset their temporary password.
How 2FA saves money and time
2FA authentication is automated, which saves money. It’s been estimated that 80% of Helpdesk tickets come from manual password reset requests. Each Helpdesk ticket has a cost associated with it. A reasonable estimate is $50 per incident. If you can automate 90% of the password reset incidents, an average IT shop can conservatively save tens of thousands of dollars per year.
In addition to the dollar cost, there are costs that businesses incur for not having an automated way to reset IBM i passwords. On average it takes 40 minutes to manually reset a user password on the IBM i. That’s 40 minutes where the user is unable to do their job. Using an automated password reset solution with 2FA, you can reduce the amount of time spent to reset passwords to less than 5 minutes. The risk to the business is greatly reduced and the cost to the business is also reduced. It’s a win-win.
Automated deployment
One reason why companies resist automated password reset solutions is because it’s hard to get users to participate in self-sign up. Some password reset packages use HR information as starter 2FA questions to deploy automated password resets more quickly. Uploading a file that has the user’s Social security number or date of birth as the first questions that they have to answer is a good way to bootstrap a solution.
It should be easy for users to automatically reset their passwords so they can continue with business as usual. By using 2FA-based password reset technology, companies can save money and significantly increase their security.
To find out more about automated IBM i password resets and 2FA, be sure to download our white paper, Reduce IBM i Help Desk Costs with Self Service Password Reset.
