Home Features Automatically Update Cached Credentials for Remote Users

Automatically Update Cached Credentials for Remote Users

reusing passwords

The COVID-19 pandemic has completely changed our daily routines, including how we work. Businesses around the globe have asked their employees to implement work from home strategies in response to the outbreak. However, without the supporting infrastructure, technologies, and contingencies to enable a secure remote workforce, many businesses will face the shortcomings of their business continuity plan.

By Darren James, Product Specialist, Specops Software

Most users are working from home for the first time and lack basic cybersecurity training. IT admins are now tasked with managing this new infrastructure, and the vulnerabilities that come with it. To ensure the long-term continuity of their businesses, they need to secure the work from home network periphery.

The basis of any security, however, comes from having a strong base, and this base is built upon a strong password. A unique password is the first line of defense for any business system, be it the organization’s VPN network, official email service, or the employees’ endpoint devices.

“Password Reset” a Recurring Problem

A recent study showed that 78% of the surveyed respondents had reset the passwords for at least one of their personal accounts within the last 90 days. It also claimed that 57% of them had to perform a password reset for their work account. These numbers are concerning as Forrester Research estimates an average single password reset cost up to $70. According to META Group, an organization’s service desk receives an average of 21 calls per user every year, of which Gartner’s research estimates 20-50% of all calls are for password resets.

Managing the volume of password resets at the service desk can be time-consuming. Some of the most typical tickets are:

  • I forgot my Windows login password.
  • Help! I am unable to log in to my account.
  • Someone changed my password. I want to reset it now.
  • I want to recover my account. How can I change my user password?

And the list continues…

IT Admins and service desk managers must resolve passwords reset tickets quickly, otherwise, business continuity takes a hit. However, this becomes difficult when these requests are received from remote users, especially with no proper process in place for verifying the identity of the user.

The Problem with Remote Password Reset

Most organizations do not have a secure remote password reset process in place. Asking for employee IDs or answers to security questions for user verification is common, and leaves the service desk exposed to social engineering attacks. Even if the service desk successfully validates these users, additional challenges await.

When there is no domain controller in reach, cached credentials are used for user authentication. Employees working remotely will not have the means to update their cached credentials, even if the service desk does a manual password reset. When changing the password in AD, the service desk needs to untick the “user must change password at next logon” setting for remote users to allow the user to connect to the VPN, without the cached credentials stopping them. But, while doing so, they will now know the user’s password. This poses a new security risk at the service desk. Additionally, since most service desk employees use default passwords like test1, reset123456, 123@abc, during a password change, guessing the user password will be easy if left unchanged.

These problems cumulatively add to the woes of the IT Admins who receive large volumes of remote password reset tickets. The best way to overcome this barrier is to implement a self-service password reset solution.

AD Self-Service Password Reset

AD Self-Service Password Reset allows users to reset their passwords without contacting IT or the service desk. Be it an expired password, or a forgotten password issue, users can quickly unlock their account and reset their password, and continue working from the home, office, or on the go. One such AD Self-Service Password Reset tool is available from Specops Software.

With security features like multi-factor authentication and geo-blocking, the Specops password reset solution provides the high level of security you expect. It enables end-users to initiate the remote password reset process from any browser, mobile device, or right from the Windows logon screen of their remote workstations. The password reset solution from Specops also eliminates the cached credential problem for remote users by automatically updating the local credentials during a password change or reset.


Supporting a remote workforce can stretch the limits of your technology. In most organizations, there is a strain on the service desk, and remote password reset requests only consume more valuable time. The same amount of time, however, can be used to address other pressing issues in the organization’s business continuity plan.

Thus, to reduce the call volumes to the service desk due to account lockouts, IT teams need to use a self-service password reset solution which also provides an excellent ROI for efficiently managing remote users.

Learn more about how Specops can help you manage password reset requests.


CISO MAG did not evaluate the advertised/mentioned product, service, or company, nor does it endorse any of the claims made by the advertisement/writer. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.