TL;DR: Password management is often treated as a help desk convenience, but SailPoint argues it is a core IAM capability that supports remote onboarding, policy enforcement, and self-service resets across human and shared accounts, with 30% or more of service desk calls tied to password resets according to Gartner. The real governance issue is whether access processes reduce friction without weakening identity controls.
NHIMG editorial — based on content published by SailPoint: Password Management - The road to IT productivity
By the numbers:
- 30% or more of all IT Service Desk calls are password reset-related.
Questions worth separating out
Q: How should security teams govern self-service password resets for remote workers?
A: Treat self-service reset as an access control workflow, not a support shortcut.
Q: Why do shared and service accounts need stricter password handling?
A: Shared and service accounts often support multiple systems or users, so a password change can break business processes or expose hidden privilege reuse.
Q: What signals show that password management is costing more than it saves?
A: Look for high reset volume, repeated resets for the same users, long handling times, and heavy service desk dependence for routine recovery.
Practitioner guidance
- Make password reset a governed identity workflow: Document the identity proofing steps, recovery factors, approval paths, and audit trail for every reset flow so service desk handling is consistent and reviewable.
- Separate employee recovery from shared account recovery: Use stricter approvals and tighter ownership controls for shared or service accounts because their reset impact extends beyond one user and can affect multiple business processes.
- Measure reset friction as an operational control: Track reset volume, average handling time, and repeat reset frequency so you can identify where self-service is reducing cost and where it is creating avoidable failure points.
What's in the full article
SailPoint's full blog covers the operational detail this post intentionally leaves for the source:
- Browser, Windows login, and lock-screen reset flows for end users
- Out-of-the-box password policy enforcement examples across integrated applications
- Change request handling for password updates outside Active Directory
- Optional approval handling for shared and service accounts
Password management for remote work: what IAM teams need now?
Explore further
Password management is an identity governance control, not a convenience feature. The article correctly frames resets and password policy as part of the access experience, especially in remote work environments. That matters because the control influences both productivity and the trust boundary around account recovery. Practitioners should treat password management as a governed identity process, not a standalone service desk feature.
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to The State of Secrets in AppSec.
A question worth separating out:
Q: How do organisations balance password convenience with identity governance?
A: By designing reset workflows that are self-service where appropriate and tightly controlled where risk is higher. Ordinary employee recovery can be streamlined, but sensitive accounts should require stronger verification and approval. The goal is lower friction without losing accountability, documentation, or policy consistency across systems.