Everyone Forgets Passwords
Even when employees implement methods to remember their password, passwords are
forgotten. It is hard to believe, but even when employees write passwords down, they seem to
forget them periodically.
Passwords are forgotten for a wide variety of reasons. First off, our brain can only remember so
much information. In some cases, our brain is a first-in, first-out machine. So, if we are to
remember something new, we must forget something we already know. Or at least this is what it
seems like with many employees and their passwords. Second, many employees are forced to
have a multitude of passwords. Ideally, each password needs to be unique so that a hacker
can’t access all systems with just one password being compromised. With so many passwords,
it can be difficult to keep track of them all or to match each password to its system.
Finally, employees go on vacation or holiday and seem to always forget their passwords upon
return.
Consequences for Forgotten Passwords
Oftentimes, efforts to make passwords more secure can backfire. Although passwords in your
organization might be more secure today than yesterday, users forget their password more
often due to a more secure password. When employees forget passwords, there are distinct
consequences for the organization.
One consequence is loss of productivity by the user. When a user forgets the password, the
initial instinct is to try and remember the password from the myriad of passwords for the
different systems. These attempts could also include sifting through the long list of previous
passwords in an attempt to remember the current password. During this time, the employee is
not able to get into their computer, and thus, no work is being accomplished.
Another consequence of forgotten passwords is the stress it puts on the help desk. If the user is
unable to remember his or her password, or too many incorrect passwords are input causing the
user account to be locked out, the user must call the help desk for assistance. The help desk is
designed to handle user-related computer issues, so productivity can be kept at a high level.
In a 2013 survey for RSA, SANS Institute found that password reset requests were the
second-most common call made to help desks. On a related note, SANS researchers found that 65
percent of their survey respondents were addressing those calls manually, with live agents,
rather than with an automated, self-service solution.
A direct consequence of the stress put on the help desk is additional time lost and increased
cost for IT. When there is stress on the help desk due to resetting passwords, more pressing
and important tasks are not addressed as quickly. Even for a small organization with a few
hundred employees and a handful of admins, the cost of a single password reset could be up to
$70 per call, according to widely cited research from Forrester.
34 Cyber Warnings E-Magazine – January 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide