View previous topic :: View next topic |
Author |
Message |
BorisBear Senior Itiler

Joined: Mar 10, 2008 Posts: 403 Location: Sunderland
|
Posted: Tue Aug 05, 2008 4:02 am Post subject: Password Resets |
|
|
Not strictly ITIL, more a generic Service Desk question for those versed in all things service desk - For a medium to large organisation what percentage of calls would you expect to take from users who have forgotten their password?
We take somewhere between 25k and 29k incidents per month and between 13% and 15% of them are for passowrd resets. Thats for an organisation with approx 12k staff in the UK. That seems high to me but I would be interested to hear the experience of others. |
|
Back to top |
|
 |
rzesie Itiler

Joined: Apr 23, 2007 Posts: 22
|
Posted: Thu Aug 07, 2008 9:51 pm Post subject: |
|
|
I think it really depends on a customer, organisation and the origin country even.
I have experience with global companies from different countries and it varies from 5% of all the calls to almost 30% for other.
It also depends on how many different passwords and systems do the end users use.
Rgds,
Jacek |
|
Back to top |
|
 |
UKVIKING Senior Itiler

Joined: Sep 16, 2006 Posts: 3591 Location: London, UK
|
Posted: Thu Aug 07, 2008 10:07 pm Post subject: |
|
|
BorisBear
It also depends on things like
Password management policy for the org - how often changed
Password standards - length of password and requirements - alphabetic, numerical, special characters
Relative institutional culture and type of business the users are
Adherence to ISO 27001 security management
Use of pass through authorization systems
use of FOBs
whether there is an internal web site for changing of passwords or reseting passwords - for the idjit's manager's/ team lead or such
user passwords or system password
For my SD, we were NOT IT Help desk - they got the user calls, we got the system / server etc calls
so we had only admin account requests / issues. As we used FOBs, it was easier
I can tell you that each SD / NOC had at least the value of this type
summation of X where X is between 1 and infinity _________________ John Hardesty
ITSM Manager's Certificate (Red Badge)
Change Management is POWER & CONTROL. /....evil laughter |
|
Back to top |
|
 |
erfo02 Itiler

Joined: Mar 11, 2008 Posts: 21
|
Posted: Wed Aug 20, 2008 3:45 pm Post subject: |
|
|
I would say that it is quite normal (though in the higher part) and saying that I assume that you have several systems where your users have separate passwords.
There are several ways of reducing the amount of passwords and the technical way is to implement a Single-Sign-On system.
Another more simple and cheap way is to educate your users to create complex passwords simple to remember and also to change all the passwords at the same tim.
Tell them to choose a sentence they can remember such as "This year I am going to lose 20 pounds".
Ask them to use the first letters in each word and the password will be:
"TyIagtl20p". This instruction or hint could be sent to all your users and will also improve your proactivity and visibility. _________________ Eric Fogelstrom
Founder/CEO CompITIL
ITIL Service Manager |
|
Back to top |
|
 |
UKVIKING Senior Itiler

Joined: Sep 16, 2006 Posts: 3591 Location: London, UK
|
Posted: Wed Aug 20, 2008 5:37 pm Post subject: |
|
|
A single sign on process requires certain technology and the ability to support the technology
I wont go into a tech debate
The issue for the service desk - hey borisbear, trying to answer the question / the implied one / not the actually one - is how to reduce the workload to the SD staff for password resets
1 - one way is have a web (internal only) site that will assist the idjit to reset the password
2 - the other - which is my fave - is the carrot /stick approach
I managed a SD which supporting internal / external customers. One customer sys admin (limited) kept forgetting his password and kept contacting the SD to have the pwd reset - system admin level. In 1 qtr, this was done 20 - 30 times. S
So at the next Service review, we informed all customers - pwd resets were 5 per quarter, beyond that it was an additional service charge $ 100 the next 5. $500 for the next 5 etc
Lo and behold, the customer sys admin pwd resets drop...
giggle
===============================================
Side note: while tools are good for doing the scut work, there needs to be oversight and monitoring and admin of the tools. Some companys try to use the imtro of a tool as a replacement for the staff
bad bad _________________ John Hardesty
ITSM Manager's Certificate (Red Badge)
Change Management is POWER & CONTROL. /....evil laughter |
|
Back to top |
|
 |
Stu274 Newbie


Joined: Sep 03, 2008 Posts: 4
|
Posted: Thu Sep 04, 2008 10:18 am Post subject: |
|
|
Ive read certain reports that say across the industry the average is more like 70% of incidents are password related.
Self service passwords where the user can reset their own is by far the best option in my view.
Each new user sets up a number of questions for identification which they are asked a random number of when they
goto a predefined webpage to request a password reset.
Really it depends on the tools you have for these functions. _________________ ____________________________________
IT Service Desk Team Leader
ITIL V3 Certification
____________________________________ |
|
Back to top |
|
 |
erfo02 Itiler

Joined: Mar 11, 2008 Posts: 21
|
Posted: Thu Sep 18, 2008 5:53 pm Post subject: |
|
|
I would say that if you have 70% of your tickets as password requests I would be very worried. It would be a strong signal showing you that your users are not happy with the services provided by the service desk and are finding other ways to get support. In the events they really need the Service desk (like password reset) they will use it but not until absolutely necessary.
There might be other reasons as well of course but I would definitely be worried. _________________ Eric Fogelstrom
Founder/CEO CompITIL
ITIL Service Manager |
|
Back to top |
|
 |
Stu274 Newbie


Joined: Sep 03, 2008 Posts: 4
|
Posted: Thu Sep 18, 2008 9:51 pm Post subject: |
|
|
I didnt say that was our figures I said I read it as an industry figure but it was a few years ago now.
Not sure how you came about some of your other comments however.
Im quite sure my particular service desk does just fine.
I still see password resets as a major pain in the rear unless a self service solution exists. _________________ ____________________________________
IT Service Desk Team Leader
ITIL V3 Certification
____________________________________ |
|
Back to top |
|
 |
BAGMAN Newbie


Joined: Nov 01, 2008 Posts: 4
|
Posted: Mon Nov 03, 2008 11:28 am Post subject: |
|
|
I work for the healthcare system where I live and would say 50+% of calls are password resets. There are 10 000+ users, many are lucky enough to know how to turn the computer on... |
|
Back to top |
|
 |
Soriano Newbie


Joined: Nov 17, 2008 Posts: 1 Location: Chicago, IL
|
Posted: Tue Nov 18, 2008 6:18 am Post subject: |
|
|
Password resets for my organization is around 25% of all calls. I too wondered if that number is high but that may not be the case.
My team is exploring self-service for our end users in 2009 to reduce the number of password reset calls. This will allow us to focus more on incidents than password requests. _________________ Paul Soriano
Service Desk Manager |
|
Back to top |
|
 |
Chris128 Newbie


Joined: Mar 12, 2009 Posts: 2
|
Posted: Fri Mar 13, 2009 6:41 am Post subject: |
|
|
I always hear people mention password resets as a very common incident/call but to be honest I have never seen any evidence of this. I've only been working in IT for 3 years or so but everywhere I have worked password resets have accounted for only around 5% of the calls I would say... |
|
Back to top |
|
 |
Diarmid Senior Itiler

Joined: Mar 04, 2008 Posts: 1894 Location: Helensburgh
|
Posted: Fri Mar 13, 2009 10:38 am Post subject: |
|
|
Are you talking perception or verified figures?
Do you work in an environment where users are pretty savvy?
Do your users have lots of services to log in or just one or two?
Is there high turnover among your users?
Do your users log in several times a day?
Do your users log in less than once a week?
Is your password regime strict, requiring frequent changes and adherence to sophisticated rules?
etc. etc.
Depending on how you answer those questions, five percent may be a lot or a little and if you get twenty calls an hour then the average password reset request occurs every hour, but at twenty calls a week ...
The issue at the end of the day is about cost and improvement. How much time do users lose when they forget their password?
But, if your answer to the first question is "perception", then we should discuss psychological factors rather than business factors. _________________ "Method goes far to prevent trouble in business: for it makes the task easy, hinders confusion, saves abundance of time, and instructs those that have business depending, both what to do and what to hope."
William Penn 1644-1718 |
|
Back to top |
|
 |
|