Like it or not, passwords aren’t going away anytime soon. While many organizations are exploring passwordless authentication, passwords still serve as the main line of defense for most public-facing online services.
That said, they come with a heavy management burden. Gartner estimates that 40% of all service desk calls are tied to password issues like expirations, changes, and resets. Some of these issues (like forgotten passwords, routine expirations, or security-driven updates) are unavoidable, yet they still consume valuable time and resources.
Forrester puts the cost of each reset at around $70, which can quickly add up. Given these figures, the case for a self-service password reset solution is highly compelling: by enabling users to handle resets on their own, organizations can reduce helpdesk load and cut costs – without compromising security.
About self-service password resets
Self-service password resets (SSPRs) enable users to securely reset their own passwords without involving IT support. By allowing users to handle these routine but essential tasks independently, SSPRs significantly reduce help desk ticket volumes, lower costs, and boost productivity by empowering users to regain access quickly or perform regular passphrase refreshes.
With SSPRs, all of this can happen without any IT helpdesk intervention. The benefits are quantifiable, down to dollars saved: in 2022, an average organization saved $65K with self-service password resets.
Core security considerations
At its core, SSPR shifts the responsibility for password recovery from IT to the end user. The reset flow therefore becomes an authentication path in its own right, and security teams should treat it as one when implementing an SSPR solution, starting with strong identity verification.
Without proper safeguards, SSPR becomes an attractive target: an attacker who can pass a weak reset process gains access to the account without ever needing the old password.
A secure SSPR process must rely on identity verification methods that are resistant to common attack vectors such as phishing and prompt bombing (flooding a user with MFA push notifications until one is approved).
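The reset link itself is one of the weak points a poorly built SSPR exposes: a guessable token, a token stored in plaintext, or a link that works more than once can each be abused. The following is an added example (not code from the original article or from any vendor's product) of the server-side half of a reset flow hardened against those three problems: a high-entropy single-use token, stored only as a hash, with a short lifetime, a bounded number of verification attempts, and a constant-time comparison. The in-memory store, the 15-minute lifetime and the five-attempt limit are assumptions chosen for the example; a real deployment keeps this state in a database and picks its own policy values. It does not address the MFA-push half of the problem (prompt bombing), which needs a phishing-resistant verifier rather than a better token.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

TOKEN_TTL_SECONDS = 15 * 60   # assumed policy: reset links expire quickly
MAX_VERIFY_ATTEMPTS = 5       # assumed policy: online guessing budget per issued token

# Constructed in-memory store for the example; a real system persists this in a database.
# user_id -> {"token_hash": bytes, "expires": float, "attempts": int}
_reset_store: dict = {}


def _hash_token(token: str) -> bytes:
    # Only a hash is stored: a leaked table must not hand an attacker usable reset links.
    return hashlib.sha256(token.encode("utf-8")).digest()


def issue_reset_token(user_id: str, now: Optional[float] = None) -> str:
    """Create a fresh reset token for user_id and return it for out-of-band delivery."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG; not guessable
    # Issuing a new token replaces any earlier one, so only the latest link is valid.
    _reset_store[user_id] = {
        "token_hash": _hash_token(token),
        "expires": now + TOKEN_TTL_SECONDS,
        "attempts": 0,
    }
    return token   # sent by e-mail/SMS; the server never keeps the plaintext


def verify_reset_token(user_id: str, presented: str, now: Optional[float] = None) -> bool:
    """Return True exactly once for the correct, unexpired token; False otherwise."""
    now = time.time() if now is None else now
    record = _reset_store.get(user_id)
    if record is None:
        return False
    if now > record["expires"]:
        del _reset_store[user_id]          # expired links are discarded, not retried
        return False
    record["attempts"] += 1
    if record["attempts"] > MAX_VERIFY_ATTEMPTS:
        del _reset_store[user_id]          # too many guesses: invalidate the token outright
        return False
    # Compare hashes in constant time so response timing leaks nothing about the token.
    if not hmac.compare_digest(record["token_hash"], _hash_token(presented)):
        return False
    del _reset_store[user_id]              # single use: a replayed link must fail
    return True


if __name__ == "__main__":
    t = issue_reset_token("alice")
    print("first use:", verify_reset_token("alice", t))    # True
    print("replay:   ", verify_reset_token("alice", t))    # False
```

Two further points a practitioner would pair with this: the response to a reset request should look identical whether or not the account exists, so the flow cannot be used to enumerate users, and the per-user attempt counter above should be complemented by IP- and global-level rate limits, since an attacker is not obliged to target one account at a time.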