Password-Reset Practices in Support


An HDI Research Corner Report

by Jenny Rains
May 23, 2012

 

When a group of IT service or technical support professionals gather, one can almost always expect to hear chatter about password resets. On average, about three out of every ten tickets received by support centers are related to password resets. This finding, from a recent HDI Research Corner survey (339 respondents), helps explain why password reset practices remains a topic of interest in the IT service and technical support community.

The survey results revealed that even though 20 percent of support centers report that less than 10 percent of their tickets are about password resets, over 30 percent of tickets are password-reset related in more than one-third of support centers. This article highlights some of the current practices surrounding password resets and the ticket volumes associated with these types of calls.

Self-Reset

Most organizations (69%) allow their customers to reset at least some of their passwords without contacting the support center. Surprisingly, those organizations that don’t allow customers to reset any of their passwords have a lower password-reset ticket volume than those that do. In support centers that allow their customers to reset all of their passwords themselves, about 34 percent of their tickets are related to password resets; in support centers that don’t, the password-reset ticket average is 26 percent.

Password Strength

Without some level of security, passwords are just letters and numbers. However, most organizations have requirements that ensure the security of their customers’ passwords. One of the most common requirements is the periodic password change. This has become a standard practice in the industry, with 89 percent of organizations requiring periodic password resets. Most organizations (52%) require customers to change their passwords every ninety days. Twenty-eight percent of organizations require more frequent resets (e.g., thirty days, forty-five days, sixty days, etc.), and 18 percent require less frequent changes (e.g., every four months, six months, annually, etc.). For some organizations, the reset schedule is specific to a particular application. And to further secure their customers’ passwords, most organizations (85%) set limits on the reuse of passwords when they are reset or changed.

Another common practice involves setting requirements for the content of passwords, such as length (89%) and mix of character types (84%), such as letters (upper- and lowercase), numbers, and symbols. Additional content restrictions were reported in the “other” category. For instance, some organizations prohibit words that can be found in the dictionary, while others ban proper names or company names. Only one percent of organizations have no password-strength requirements at all.

Number of Passwords

Most organizations require customers to remember multiple passwords; only 13 percent report requiring customers to remember just one password. This isn’t very surprising, but it is important to note that this group also has the lowest password-reset ticket volume, at 25 percent of the total ticket volume. Meanwhile, in 68 percent of organizations, customers are responsible for keeping track of two to five passwords. Nineteen percent of organizations require customers to remember more than five passwords, and in these organizations, the password-reset ticket average is 32 percent of the total ticket volume.

Many organizations have implemented self-help features that allow customers to reset their own passwords, freeing up support center staff to address more critical tickets. However, overall, the survey results don’t indicate a positive relationship between empowered customers and a decrease in password-reset ticket volume, though they do seem to support the use of a single-sign-on system. After all, fewer passwords result in fewer calls about resetting them.

 


The preceding report is included in the just-released HDI Research Corner: A Compilation, 2010–2011. This compilation contains the thirteen HDI Research Corner reports released between May 2010 and June 2011. Each report investigates a current “hot” topic in the support industry, providing readers with valuable information based on feedback from organizations that are currently experiencing similar successes and struggles. Get your copy today.


 

Jenny Rains has worked with HDI in a research/analysis capacity since 2003. Before coming to HDI, Jenny was the research/data analyst for one of the largest school districts in Colorado. Her areas of expertise include survey development, research design, data analysis, program evaluation, and project management.

Tag(s): technology, process, practices and processes, research

Related:

More from Jenny Rains :


Comments: