Password resets in enterprise IAM: what is your team doing now?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8127
Topic starter  

TL;DR: Password resets remain a major enterprise friction point, with analyst estimates often putting 20% to 50% of help desk calls in this category and each manual reset taking 10 to 20 minutes, according to Bravura Security. The real issue is not convenience but identity governance, because weak reset processes create audit gaps and social-engineering openings.

NHIMG editorial — based on content published by Bravura Security: Password reset breakdowns expose the real enterprise IAM gap

By the numbers:

Questions worth separating out

Q: How should security teams reduce password reset risk in large enterprises?

A: Security teams should make password recovery a governed identity workflow, not a help desk exception.

Q: Why do manual password resets create security risk?

A: Manual resets create risk because they depend on humans, are hard to scale, and often rely on inconsistent verification.

Q: How do organisations know if password reset controls are working?

A: Look for fewer repeat lockouts, shorter recovery times, complete audit records, and lower use of manual overrides.

Practitioner guidance

  • Map reset flows as identity events: Document every recovery path, including self-service, help desk, and exception handling, then assign control owners, approval points, and logging requirements to each step.
  • Enforce MFA before any reset is issued: Require strong verification before password recovery, and block fallback methods that can be socially engineered or reused across systems.
  • Centralise reset audit evidence: Store reset timestamps, identity proofing results, and administrator overrides in a single log stream so audit and incident teams can reconstruct activity quickly.

What's in the full article

Bravura Security's full article covers the operational detail this post intentionally leaves for the source:

  • A customer example showing how automated password reset reduced help desk demand and improved user experience.
  • A practical list of reset process bottlenecks that teams can audit before changing tooling.
  • A summary of features the vendor says matter in self-service password management, including logging and policy enforcement.
  • The vendor's own FAQ section on reset failures, compliance gaps, and support ticket reduction.

👉 Read Bravura Security's analysis of enterprise password reset breakdowns →

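An added example, not part of the original post or of Bravura Security's article: a review of a centralised reset log stream that computes the indicators named above (repeat lockouts, recovery time, audit completeness, manual overrides) and flags resets completed without MFA. The JSON-lines layout, the field names, and the sample events are assumptions constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime
from statistics import median

# Constructed sample: one JSON object per reset event (field names are assumptions).
SAMPLE_LOG = """\
{"ts_requested":"2024-05-01T09:00:00","ts_completed":"2024-05-01T09:02:00","user":"alice","path":"self_service","mfa_verified":true,"admin_override":false}
{"ts_requested":"2024-05-01T10:00:00","ts_completed":"2024-05-01T10:18:00","user":"bob","path":"help_desk","mfa_verified":false,"admin_override":true,"operator":"hd-17"}
{"ts_requested":"2024-05-02T08:30:00","ts_completed":"2024-05-02T08:45:00","user":"bob","path":"help_desk","mfa_verified":true,"admin_override":false,"operator":"hd-04"}
{"ts_requested":"2024-05-02T11:00:00","user":"carol","path":"help_desk","admin_override":false}
"""

# Fields every reset record must carry to be usable as audit evidence.
REQUIRED = ("ts_requested", "ts_completed", "user", "path", "mfa_verified", "admin_override")

def review_resets(log_text):
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    incomplete, no_mfa, durations = [], [], []
    per_user = Counter()
    overrides = 0
    for i, ev in enumerate(events, 1):
        per_user[ev.get("user", "<unknown>")] += 1
        missing = [f for f in REQUIRED if f not in ev]
        # Help desk resets must also name the operator who performed them.
        if ev.get("path") == "help_desk" and "operator" not in ev:
            missing.append("operator")
        if missing:
            incomplete.append((i, missing))
        if ev.get("admin_override"):
            overrides += 1
        # A completed reset without a positive MFA result is a policy violation.
        if "ts_completed" in ev and ev.get("mfa_verified") is not True:
            no_mfa.append(i)
        if "ts_requested" in ev and "ts_completed" in ev:
            start = datetime.fromisoformat(ev["ts_requested"])
            end = datetime.fromisoformat(ev["ts_completed"])
            durations.append((end - start).total_seconds() / 60)
    return {
        "total": len(events),
        "repeat_users": sorted(u for u, n in per_user.items() if n > 1),
        "median_recovery_minutes": median(durations) if durations else None,
        "override_rate": overrides / len(events) if events else 0.0,
        "incomplete_records": incomplete,
        "completed_without_mfa": no_mfa,
    }

if __name__ == "__main__":
    print(json.dumps(review_resets(SAMPLE_LOG), indent=2))
```

Event numbers in the output are 1-based positions in the stream, so a flagged record can be traced back to its log line.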