Password Resets

[BorisBear]

Not strictly ITIL, more a generic Service Desk question for those versed in all things service desk - For a medium to large organisation what percentage of calls would you expect to take from users who have forgotten their password?

We take somewhere between 25k and 29k incidents per month and between 13% and 15% of them are for passowrd resets. Thats for an organisation with approx 12k staff in the UK. That seems high to me but I would be interested to hear the experience of others.

[rzesie]

I think it really depends on a customer, organisation and the origin country even.
I have experience with global companies from different countries and it varies from 5% of all the calls to almost 30% for other.
It also depends on how many different passwords and systems do the end users use.

Rgds,
Jacek

[UKVIKING]

BorisBear

It also depends on things like

Password management policy for the org - how often changed
Password standards - length of password and requirements - alphabetic, numerical, special characters
Relative institutional culture and type of business the users are
Adherence to ISO 27001 security management

Use of pass through authorization systems
use of FOBs
whether there is an internal web site for changing of passwords or reseting passwords - for the idjit's manager's/ team lead or such
user passwords or system password

For my SD, we were NOT IT Help desk - they got the user calls, we got the system / server etc calls

so we had only admin account requests / issues. As we used FOBs, it was easier

I can tell you that each SD / NOC had at least the value of this type

summation of X where X is between 1 and infinity
_________________
John Hardesty
ITSM Manager's Certificate (Red Badge)

Change Management is POWER & CONTROL. /....evil laughter

[erfo02]

I would say that it is quite normal (though in the higher part) and saying that I assume that you have several systems where your users have separate passwords.

There are several ways of reducing the amount of passwords and the technical way is to implement a Single-Sign-On system.

Another more simple and cheap way is to educate your users to create complex passwords simple to remember and also to change all the passwords at the same tim.

Tell them to choose a sentence they can remember such as "This year I am going to lose 20 pounds".
Ask them to use the first letters in each word and the password will be:
"TyIagtl20p". This instruction or hint could be sent to all your users and will also improve your proactivity and visibility.
_________________
Eric Fogelstrom
Founder/CEO CompITIL
ITIL Service Manager

[UKVIKING]

A single sign on process requires certain technology and the ability to support the technology

I wont go into a tech debate

The issue for the service desk - hey borisbear, trying to answer the question / the implied one / not the actually one - is how to reduce the workload to the SD staff for password resets

1 - one way is have a web (internal only) site that will assist the idjit to reset the password
2 - the other - which is my fave - is the carrot /stick approach

I managed a SD which supporting internal / external customers. One customer sys admin (limited) kept forgetting his password and kept contacting the SD to have the pwd reset - system admin level. In 1 qtr, this was done 20 - 30 times. S

So at the next Service review, we informed all customers - pwd resets were 5 per quarter, beyond that it was an additional service charge $ 100 the next 5. $500 for the next 5 etc

Lo and behold, the customer sys admin pwd resets drop...

giggle

===============================================

Side note: while tools are good for doing the scut work, there needs to be oversight and monitoring and admin of the tools. Some companys try to use the imtro of a tool as a replacement for the staff

bad bad
_________________
John Hardesty
ITSM Manager's Certificate (Red Badge)

Change Management is POWER & CONTROL. /....evil laughter

[Stu274]

Ive read certain reports that say across the industry the average is more like 70% of incidents are password related.
Self service passwords where the user can reset their own is by far the best option in my view.
Each new user sets up a number of questions for identification which they are asked a random number of when they
goto a predefined webpage to request a password reset.
Really it depends on the tools you have for these functions.
_________________
____________________________________
IT Service Desk Team Leader
ITIL V3 Certification
____________________________________

[erfo02]

I would say that if you have 70% of your tickets as password requests I would be very worried. It would be a strong signal showing you that your users are not happy with the services provided by the service desk and are finding other ways to get support. In the events they really need the Service desk (like password reset) they will use it but not until absolutely necessary.

There might be other reasons as well of course but I would definitely be worried.
_________________
Eric Fogelstrom
Founder/CEO CompITIL
ITIL Service Manager

[Stu274]

I didnt say that was our figures I said I read it as an industry figure but it was a few years ago now.
Not sure how you came about some of your other comments however.
Im quite sure my particular service desk does just fine.
I still see password resets as a major pain in the rear unless a self service solution exists.
_________________
____________________________________
IT Service Desk Team Leader
ITIL V3 Certification
____________________________________

[BAGMAN]

I work for the healthcare system where I live and would say 50+% of calls are password resets. There are 10 000+ users, many are lucky enough to know how to turn the computer on...

[Soriano]

Password resets for my organization is around 25% of all calls. I too wondered if that number is high but that may not be the case.

My team is exploring self-service for our end users in 2009 to reduce the number of password reset calls. This will allow us to focus more on incidents than password requests.
_________________
Paul Soriano
Service Desk Manager

[Chris128]

I always hear people mention password resets as a very common incident/call but to be honest I have never seen any evidence of this. I've only been working in IT for 3 years or so but everywhere I have worked password resets have accounted for only around 5% of the calls I would say...

[Diarmid]

Are you talking perception or verified figures?

Do you work in an environment where users are pretty savvy?

Do your users have lots of services to log in or just one or two?

Is there high turnover among your users?

Do your users log in several times a day?

Do your users log in less than once a week?

Is your password regime strict, requiring frequent changes and adherence to sophisticated rules?

etc. etc.

Depending on how you answer those questions, five percent may be a lot or a little and if you get twenty calls an hour then the average password reset request occurs every hour, but at twenty calls a week ...

The issue at the end of the day is about cost and improvement. How much time do users lose when they forget their password?

But, if your answer to the first question is "perception", then we should discuss psychological factors rather than business factors.
_________________
"Method goes far to prevent trouble in business: for it makes the task easy, hinders confusion, saves abundance of time, and instructs those that have business depending, both what to do and what to hope."
William Penn 1644-1718