Between a Rock and a Hard Place: The IT Help Desk Manager’s Password Dilemma

April 20, 2021 Stas Neyman


Long-time Saturday Night Live fans will likely remember Nick Burns – a.k.a. “your company’s computer guy” – a popular recurring character played by Jimmy Fallon in the early 2000s.

Sporting a pocket protector and blaring pager, Nick makes his way around a large corporate office, fielding IT support questions and sarcastically mocking his technically “inept” customers – internal company employees – who could never get the printer to work and didn’t understand JavaScript jokes. No skit was complete without his signature phrases of “MOOOOVE” as he swoops into their workstations to fix a problem, and “Was that so hard?!” after he solves it within seconds.

While Nick’s character is a far cry from the business-critical role of today’s IT help desk manager, many in this position today can relate to the daily barrage of support tickets he faced. And even those with the sunniest of dispositions sometimes share his frustration in dealing with the same issues again and again. Most of the time, those issues can be traced back to passwords.

“Alright, one at a time. My brain doesn’t have a zip drive!”

While Nick’s days of Outlook 6.0 and LC-475 Macs with 32-bit processors are long gone, passwords are still alive 20 years later, and relied upon by organizations to authenticate corporate users.

As the pace of digital innovation accelerates, many organizations are adopting new technologies at a dizzying pace. Every new corporate application or tool becomes a new identity silo, with unique password management requirements, such as complexity and rotation cadence.

Requiring corporate users to repeatedly authenticate themselves to these new systems – and maintain (let alone remember!) numerous complex passwords – creates headaches galore for help desk professionals. Not only charged with provisioning users, they also manage hundreds (if not thousands) of corporate accounts – and the constant password reset requests and account lockouts that come with them.

Let’s use some industry estimates and simple calculations to quantify this massive password problem:

  • The “all-in” cost of an average help desk call to reset a password is between $40 and $50: we’ll use the mean of $45.
  • It’s estimated that each corporate user contacted the help desk with six to ten password-related issues per year before COVID-19 sent many workers home. So, eight issues spanning a typical year of 261 eight-hour working days, or 2,088 hours. In other words, one password issue is flagged to the help desk for every 261 hours of work.
  • Now consider that the typical work day for U.S. knowledge workers has lengthened from eight to 11 hours since the widespread shift to remote work. That means 261 11-hour working days, 2,871 hours total – or 783 hours more than “usual.” It also translates to three additional password-related help desk issues per person.
  • Based on this data, CyberArk estimates that for a large enterprise of 1,000 employees, $495,000 is spent annually resolving password issues. (11 password-related help desk requests per person x $45 per request x 1,000 users.) 

Instead of focusing on strategic business initiatives, already time- and resource-constrained IT help desk managers are pulling even longer shifts to address password issues, meet service level agreements (SLAs) and deal with frustrated end users.

“Don’t tell me your password is your dog’s name… Mooooooove!”

It’s old news that humans are terrible at selecting strong passwords. The ones they choose are often overly simple, common, reused or shared. In fact, employees reuse passwords across an average of 16 corporate accounts. While it’s tempting to look to password managers to solve this challenge, this approach is not without risk. Plus, password managers can’t manage who gets access to what sensitive resources, and for how long.

Attackers know that many organizations still rely on just one verification method – like a single set of credentials – to protect access to various systems and tools. This is especially dangerous when combined with single sign-on, which allows broad access to many systems and applications from that one set of credentials.

They know that all they have to do is steal or compromise credentials for one corporate identity (any one will do) to gain a foothold and then escalate privileges toward high-value resources. Today, 67% of all breaches are caused by credential theft (using stolen or weak passwords) and social attacks.

Yet when IT teams implement stronger authentication methods in the name of security, workers often develop clever ways to circumvent these controls – or avoid using company approved systems and applications altogether to stay productive.

Eighty-four percent of IT service management professionals believe working in IT will continue to get harder over the next three years. And it makes sense why – as they find themselves stuck between a rock (keeping all systems and data as secure as possible) and a hard place (keeping teams productive).

Instead of resetting that password… again… consider retiring it altogether

By embracing a Zero Trust security model that integrates solutions such as passwordless authentication methods, forward-looking IT security and help desk teams can strike the right balance and take back some control.

By layering cloud-based single sign-on (SSO) with adaptive multi-factor authentication (MFA), these teams can overcome pervasive password challenges and make sure users are who they say they are – while giving them fast, responsive and streamlined access to everything they need.

This is where a bit of intelligence and context in the form of risk-based access comes in. Using machine learning and contextual signals, including user data, device data and activity data, organizations can automatically analyze access requests against historical patterns, assign risk to each login attempt and create access policies triggered by anomalous behavior.

What’s more, by giving workers self-service opportunities, IT help desk teams can lighten their own workloads, automate time-consuming tasks and refocus their efforts on high-impact work that keeps the business operational and profitable.

As Nick Burns would say in his classic parting shot, “Oh, by the way… you’re welcome!”
