Password resets are the second most common reason workers call help desks, accounting for about one in four help desk requests, according to the Gartner Group, an IT research company.
At an average cost of US$22 per call, according to Gartner, that adds up fast, especially for large-scale enterprises and midsize organizations.
“We have heard from customers about the need for greater efficiencies in managing identities across their networks,” says James Mastan, director of marketing for Microsoft’s Speech Server product group. “A key component of managing identities is password management, and Microsoft is committed to developing solutions and tools to make it easier and more cost effective for network administrators.”
Case in point: Four Microsoft Speech Server industry partners — Intervoice, SOFTEL Communications, Gold Systems and Metaphor Solutions — are building voice-driven applications that enable users to reset their own password over the phone, thus cutting the cost per reset to the cost of a phone call, and freeing up IT staff to focus on higher-value projects. These interactive voice response (IVR) applications are built on Microsoft Speech Server 2004 — a flexible, cost-effective speech platform that combines Web technologies, speech-processing services and telephony capabilities into a single system.
“Resetting passwords through the Microsoft Speech Server is one of a number of great tools to help IT professionals automate and manage this key component of identity management,” Mastan says.
The four industry partners say the Microsoft Speech Server offers numerous advantages over competing platforms. “Over the last year, we have invested considerably more resources and effort in our Microsoft speech server offering because of the capabilities and ease of development of the platform,” says Corey Coblentz, network operations center manager at Norcross, Ga.-based SOFTEL Communications, which develops, deploys and optimizes multi-channel contact center solutions on various industry leading platforms. “The resulting solution is more robust, easier to develop, quicker to roll out and more cost-effective than solutions built on any other platform.”
In developing their password-reset solutions, the four speech partners used best practice “threat modeling” — a structured approach for identifying, evaluating and mitigating risks to system security. This was reviewed against security criteria provided by the Microsoft Security Business Unit specifically for password-reset solutions.
Microsoft chose to team up with the four partners because of their extensive experience in password-reset solutions, says Kyle Kim, senior manager of Microsoft’s Strategic Planning Emerging Servers group. “Telephone-based self-service is one of the most effective and efficient ways to address this pain point,” he says.
Password Resets — A Necessary Hassle?
Driving the need for frequent password changes are a variety of threats to IT security — from emerging network threats and hackers, to information theft by internal abusers and competitive espionage. It is also important to point out the obvious — if an employee is locked out of a machine or access to the corporate network, he or she cannot take advantage of a Web-based password-reset solution, leaving the telephone as the only viable method to deliver a solution.
But following the traditional telephony process to reset passwords often involves hassle for the user. After calling the help desk, a user must wait on the phone while an IT person pulls up software to authenticate the user and view his or her profile. The user keeps waiting while the IT person asks a series of questions before finally asking the user to choose a new password. And that’s if the IT person is immediately available to help.
The more complex the process, the more costs accrue. Many workers have to remember multiple passwords — by one estimate an average of eight to 14 each. Some help desks support hundreds of applications, and some applications have differing authentication policies, such as differing frequencies of required resets and differing complexities of passwords — for example, with an alphanumeric element and a symbol.
“These businesses are concerned that more users are forgetting passwords, more users are getting locked out of systems, and more users are overloading the IT help desk by resetting passwords,” says Steve Stolt, director of product development for Gold Systems, a Boulder, Colo.-based provider of software components and services to enable customer self-service systems incorporating interactive speech.
Now consider this comparatively painless scenario using an automated password-reset application: An enterprise worker on a business trip wants to check her e-mail from her hotel room, but she cannot access her account because she has forgotten the new password she received the day before. The worker uses her cell phone to call the voice-activated reset application. The call is answered immediately, and the application reads the cell phone number — the first of several steps to authenticate the caller’s identity.
Next, the application retrieves personal information about the worker — entered into a Web page upon enrollment — from a data store such as Microsoft Active Directory. It randomly selects two of four “smart” personal questions and prompts the worker to answer them for verification. If the worker is authenticated, the application then creates a new temporary password, performs the reset, reads back the password over the phone and gives the worker 10 minutes to use it. The worker hangs up, logs on and is immediately asked to change the password.
“It’s quick, it’s simple and it’s secure,” says Michael Kuperstein, CEO of Wellesley, Mass.-based Metaphor Solutions, which provides off-the-shelf speech recognition applications on the Microsoft Speech Server to automate personal and customer service by phone. “The user never needs to leave a voice-mail message for a busy IT person, and the service is available round the clock and from any location.”
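The verification and reset steps in the scenario above, sketched as an added example (not code from Microsoft or any of the partners). The function names, the read-aloud alphabet, the hashing parameters and the enrolled answers are assumptions made for illustration; the two-of-four question selection, the 10-minute window and the forced change at logon come from the article.

```python
import hashlib, hmac, secrets, time

TEMP_TTL = 600  # the article's 10-minute window, in seconds
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"  # assumption: easy to read aloud

def _norm(answer):
    # Recognised speech varies in case and spacing; normalise before hashing.
    return " ".join(answer.lower().split())

def _hash(answer, salt):
    return hashlib.pbkdf2_hmac("sha256", _norm(answer).encode(), salt, 100_000)

def enroll(answers):
    """Store salted hashes of the enrolled answers, never the answers."""
    record = {}
    for question, answer in answers.items():
        salt = secrets.token_bytes(16)
        record[question] = (salt, _hash(answer, salt))
    return record

def pick_challenges(record, k=2):
    """Randomly select k of the enrolled questions using a CSPRNG."""
    return secrets.SystemRandom().sample(sorted(record), k)

def verify(record, challenges, responses):
    """True only if exactly the challenged questions are all answered correctly."""
    if set(responses) != set(challenges):
        return False
    ok = True
    for question in challenges:
        salt, digest = record[question]
        ok &= hmac.compare_digest(_hash(responses[question], salt), digest)
    return ok

def issue_temp_password(now=None):
    """Temporary credential: expires after TEMP_TTL, must be changed at logon."""
    now = time.time() if now is None else now
    password = "".join(secrets.choice(ALPHABET) for _ in range(10))
    return {"password": password, "expires_at": now + TEMP_TTL, "must_change": True}

def temp_password_valid(ticket, supplied, now=None):
    """Accept the temporary password only inside its validity window."""
    now = time.time() if now is None else now
    return now <= ticket["expires_at"] and hmac.compare_digest(ticket["password"], supplied)

# Constructed enrollment data for illustration only.
ENROLLED = enroll({"first pet": "Rex", "birth city": "Boulder",
                   "first car": "Civic", "favorite teacher": "Ms. Hall"})
```

A production flow would also cap failed attempts per account and treat the caller's phone number as a weak signal, since caller ID can be spoofed.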
Features of Password-Reset Solutions
At a high level, password-reset solutions often consist of three elements:
The password-reset offerings from Microsoft partners offer customizable levels of security beyond the standard secure protocols that protect all communications between servers and over networks. For example, some solutions include features that “learn” to block phone numbers perceived as a threat. For greater security, another option is speaker verification — the use of voice biometrics to authenticate the caller’s identity and so keep unauthorized users from accessing a system even if they have gained access to an employee’s personal information.
Some password-reset solutions, including the offering from SOFTEL Communications, employ a challenge-response model for authentication. “But we have kept our architecture open to incorporating speaker verification and, to provide enhanced security, we may incorporate a hybrid of speaker verification and challenge-response,” Coblentz says.
The applications have a modular design that allows for adding or removing functionality without reworking the entire system, thereby allowing customers to adapt to new business requirements while preserving existing investments. Callers can be asked which password they want to reset — for example, “network password” or “e-mail password.” E-mail may be generated informing the user of the new password. If the reset fails, the call can be transferred to a representative. The applications also lend themselves to back-end integration with Active Directory and other host applications, data sources and security systems.
At the heart of this modular nature and high potential for customization is the fact that the solutions are based on Microsoft .NET, a set of software technologies for connecting information, people, systems and devices. Taking advantage of .NET enables a high level of software integration through the use of Web services — small, discrete, building-block applications that connect to each other as well as to other, larger applications over the Internet. “Microsoft .NET architecture allows a very easy deployment and integration of our password-reset solution into an enterprise,” says Kuperstein.
More Benefits of Password Reset Solutions
IVR applications have been used for many years in call centers to automate common customer interactions on the phone, such as making an inquiry on a bank account balance, paying a bill or purchasing a ticket. But these systems have typically been entirely separate from organizations’ Web systems.
Unifying telephony and Web infrastructures became a much easier and more cost-effective proposition for organizations with the launch in March 2004 of Microsoft Speech Server 2004 — the first single platform to combine Web technologies, speech-processing services and telephony capabilities.
Says Microsoft’s Mastan, “It delivered, for the first time, the true value of speech technology to enterprises such as reduced costs and increased return on investment (ROI), increased customer satisfaction, increased employee productivity, and it provides additional revenue generation opportunities.”
By the same token, password-reset solutions built on Microsoft Speech Server enjoy ease of integration with existing infrastructures, which means less customization, faster time to market and increased ROI for customers, both in direct savings stemming from automated resets and in indirect savings such as recovered productivity, partners say.
That’s especially true for the many enterprise IT organizations that have standardized their workflow environments on Microsoft .NET and Microsoft Windows Server System technologies. “It’s a clean method of integrating speech into your system using what you already have,” says Michael Segura, director of Microsoft strategy and products at Dallas, Texas-based Intervoice, which provides converged voice and data solutions. “It’s a really good fit.”
Furthermore, many of those organizations use products such as Microsoft Identity Integration Server and the Active Directory directory service to manage security. “That makes Microsoft Speech Server 2004 a logical choice because of its ability to easily integrate with the existing security infrastructures via .NET,” says Stolt.
Abundant Opportunities for Partners
The business case is equally clear for industry partners who develop solutions that take advantage of the growing installed base of .NET infrastructure, including ASP.NET — a Microsoft server-side Web technology used to create Web pages and Web services that is an integral part of Microsoft .NET. “It makes good sense,” Segura says.
Many more partner opportunities stem from the fact that Microsoft Speech Server 2004 builds upon the work of the open industry standard SALT specification. SALT is the only unified standard that addresses both telephony and multimodal access to information, applications and Web services from PCs, telephones, Tablet PCs and wireless personal digital assistants (PDAs). In multimodal applications, SALT enables speech input either as a standalone event or jointly with other interface options — such as speaking while pointing to the screen with a stylus, or using a keyboard, keypad or mouse.
For partners developing solutions on Microsoft Speech Server, the SALT technology is a big plus. “SALT has call control tags built in, which allows us to create a solution using a single markup language instead of getting bogged down with multiple markup languages,” Coblentz says.
The potential benefits to developers as the industry shifts toward a standards-based approach to developing speech-enabled applications include increased application portability, speech vendor interoperability and developer productivity. It’s also an environment that developers expect will offer greater support for development of multimodal applications — another plus for developers. “The Microsoft Speech Server offers a greater potential as a growth technology, particularly in terms of multimodality,” Coblentz says.
For Microsoft partners, password resets represent one of many opportunities. “This is only the beginning,” Kuperstein says of Metaphor Solutions’ packaged password-reset application. “We have 21 more application packages to go that can be quickly added by the enterprise on the same speech platform.”
But the password-reset solution is a good place to start: “Password reset solutions are quite horizontal by nature,” says Coblentz. “Virtually all environments which employ a user ID/password login mechanism are suitable for this solution.”
Microsoft Speech Server 2004, part of the Windows Server System family of products, is available in Standard and Enterprise editions.