Password Reset
Self Service
Solution

Password Reset Self Service is the only Windows AD Password Reset Solution purpose-built for the NHS

The problems

Without a Password Reset Self Service solution users have to call or visit their NHS IT Helpdesk to reset their password. This takes time to do, with the average password reset currently taking 15 minutes and £50 of value from the organisation.

The challenge

Cybersecurity threats mean more organisations are mandating strong passwords, so the frequency of forgotten passwords is on the rise. We needed a solution that would make it simple for the users to reset themselves, but didn’t compromise on security and identity checks.

Our approach

The only NHS Password Reset Self Service solution designed in conjunction with, and purpose-built for healthcare. The service is delivered in the cloud by Isosec and allows users to seamlessly reset their Windows AD password credentials without time consuming use of IT Helpdesks.

Features

Cloud based deployment and management

The Password Reset Self Service solution is fully managed and delivered via the Isosec Secure Hub, with no costly infrastructure or IT resource required. The Isosec cloud based service is run in an ISO 27001 certified data centre that is built and secured to all NHS standards. With high availability and full redundancy and fail-over as standard, customers can rest assured of an always-on service. The service comes with 24/7 monitoring and full SLA performance surveillance.

Simple and secure enrolment for users

Password Reset Self Service offers a simple yet secure self-service initial registration and enrolment process for all Windows AD users. During the enrolment process, users can choose any of the three prescribed password recovery methods, ensuring that identity security is always paramount and vigorously enforced.

Intuitive and simple user experience

Password Reset Self Service is purpose built to be easy to deploy and simple and quick for users to reset their passwords. The solution removes any barriers that can delay a user needing to reset their Windows AD password. The user interface and overall functionality are simple and easy to use and speciifically designed so that users can intuitively follow the enrolment and password reset process without training. Password Reset Self Service saves time for both the user and the helpdesk, with around a third of all NHS helpdesk calls relating to password resets, the potential for saving money is significant.

Available Recovery Options:

Secret security answers: Users provide five secret answers at enrolment and then need to answer three of the questions correctly to reset their password

NHS smartcard: Users can choose their current NHS smartcard as a recovery option, which requires the correct passcode for the smartcard to be entered to reset the password

Email: Users nominate an email address to receive a password reset one-time passcode that must be correctly entered to reset the password

Benefits

Purpose-Built

Password Reset Self Service by Isosec is the only purpose-built solution desgined specifically for the NHS. Isosec have more than twelve years experience serving over 75 NHS Trust customers and delivering the best in class identity and authentication solutions.

Increased Efficiency

Using the Password Reset Self Service is incredibly convenient for the user, as well as the helpdesks. The Isosec cloud service enables the deployment of the solution across large IT estates, saving an NHS IT team additional time and resource. The solution is very easy to roll out and is optimised to work in any IT infrastructure deployment model.

Save time and money

Each password reset can take 5 minutes or longer for an IT helpdesk operator to complete and the inconvenience to the user is typically two of three times as long meaning access to critical applications for the user is unavailable for as much as 15 minutes. The mandate to use ‘strong’ passwords means that the prevalence of forgotten passwords can only increase. The use of Password Reset Self Service instantly removes the requirement for IT helpdesk involvement in the process, freeing them up to work on more important duties.

Clinical benefit

Clinicians currently lose valuable time when they forget their password and have to contact the already busy IT helpdesk to reset it. During this time they lose access to clinical systems due to their locked account. If this happens in the middle of a night-shift or in a remote location for example, they may have to wait for an extended period to have their password reset and any patient treatment may be delayed. Password Reset Self Service removes these delays and barriers, enabling clinicians to easily get passwords reset and treat patients in a timely manner

Information governance and risk

The process of password reset using an IT helpdesk can be highly insecure and exposes Trusts to the risk of sub-standard identity checking, especially during periods of peak demand. Poor identity checking poses serious governance and risk issues for Trusts with very little accountability. With Password Reset Self Service by Isosec, this is no longer the case. Password resets are always done with mandated identity and security checks. Usage and reset data are collected passively and collated for full audits at the touch of a button via the Isosec KPI and Analytics software.