Pramatr Blog

A collection of articles from pramatr.com on technology, security, software and anything we find interesting


Archive for October, 2009

Cost of a Reset

Posted by pramatr on 19th October 2009

Forgotten passwords and password problems are the second most common reason workers call help desks, with between 20% and 50% of all calls requesting password resets. As long as employees continue to have to remember credentials, resets will continue to plague businesses – but exactly how much does a password reset cost a company?

Show Me the Money!
For millions of support staff and administrators around the world, resetting forgotten, expired or even compromised passwords is part of the territory. It comes as no surprise, however, that these staff find this activity tedious and time-consuming, and from a business perspective it is extremely expensive. According to Forrester research, the average cost of a password reset is in the region of $70.

Although statistics vary depending on the organisation, the following are universal findings:

  • Help desks receive 1.75 calls per user per month about passwords
  • Password resets account for 30% of all help desk calls

Tallying up these numbers and using Forrester’s average support call cost of $25 per call:

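| Employees | Cost/month | Cost/year |
|-----------|------------|-----------|
| 50 | $656.25 | $7,875.00 |
| 100 | $1,312.50 | $15,750.00 |
| 150 | $1,968.75 | $23,625.00 |
| 250 | $3,281.25 | $39,375.00 |
| 400 | $5,250.00 | $63,000.00 |
| 650 | $8,531.25 | $102,375.00 |
| 1150 | $15,093.75 | $181,125.00 |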


After calculating all of these numbers, it’s quite amazing to see how something as small and simple as a password reset can cost so much. These estimates account only for users with a single password problem. Although many users may prefer to have just one password for all systems, that is extremely uncommon; in fact they’ll have to remember numerous passwords at any one time. As we battle to ensure users regularly change passwords and continually increase the complexity rules around password security, we only compound the problems faced by users.

Looking at the above table, a medium-sized business of around 300 employees can expect to lose over $40,000 a year on password resets, with a business of around 500 losing around $100,000 – ouch!

Pramatr IAM’s Self Service Password Reset
Pramatr IAM provides a self service password reset solution that allows users to reset their own passwords securely and easily across a varied number of systems. There’s no need to create a support ticket or even rely on a help desk; just open up a web browser and Pramatr’s self service portal can do the rest. Pramatr IAM’s self service password reset and management solution not only reduces the number of help desk calls but also allows support staff, administrators and users to spend their day on more productive tasks.

Pramatr IAM Early Access release is just about ready, so why not join the beta program? Registration will be opening shortly; until then you can catch our musings and announcements on our product and development Twitter pages, and keep up to date with the product by following our blog.

Posted in Opinion, Pramatr IAM | Comments

Rundown with Rallydev CE

Posted by pramatr on 16th October 2009

Rallydev is Rally Software’s agile life-cycle management suite. For the last few months we’ve had the pleasure of using the community edition, so it was high time we told you what we thought. Before I start, you should know that Pramatr is in no way associated with Rally Software.

Are We Agile?
Pramatr’s use of tools and techniques is quite simple; if something works we use it and if it doesn’t we don’t. We strive to make things easier for us to develop and deliver and anything that makes this process simpler and quicker is ok by us. We use continuous integration, unit testing, small chunks of achievable work etc… all of which are techniques found within agile methods.

So are we agile? No, not really; we don’t tick all the various boxes to make sure we’re following an imaginary agile line, and in fact I dare say there are agile techniques we certainly don’t do. As a small team, requirements change and items are sometimes not finalised until an iteration of work actually starts. At times new and pressing requirements find their way into an iteration mid-way through. So to manage our project we needed something that could manage all of this but also give us some loose structure that we could work with.

No Install!
Rallydev is deployed as SaaS so right off the bat there’s no install. With this simple deployment approach you can eliminate any setup and maintenance costs and just use the software to do exactly what you want. A quick registration on the website is required and then you’re away.

Nice Visuals
The Rallydev UI is an absolute pleasure to work with, incorporating great use of space and colour. The elegant way in which you can try new features and give feedback is simply brilliant. The plethora of reports provided gives great visibility into the project. With its ‘double-click’ in-line task editing and modifiable dashboard, items you need to access often are accessible with a single click. This is a great time saver and just works!

Active Community
Rally’s community forums seem to be bustling with life, packed full of questions, hints and tips and great new ideas. There’s even a nice opportunity to vote for new features, which is really a great idea for both customers and company alike. Listening to what your customers want might seem like common sense, but how many companies allow customers to properly engage in this way?

And the Oscar Goes to…
The absolute killer feature for us is Rallydev’s Eclipse integration, a Mylyn-based plug-in that fits into the IDE effortlessly. Eclipse integration has become a must-have feature over recent years and many products are still left lacking, but not Rallydev.

Free! You got to love it right?
Rally have really captured a market share here by giving smaller businesses the opportunity to use their product for free. They’ve recognised there are more micro-sized businesses than large behemoth enterprises, but what’s even more exciting is the feature list you get with CE – it should keep even the most ardent of agile supporters happy:

  • Manage requirements through user stories
  • Manage releases
  • Monitor and manage iterations
  • Monitor and assign resources
  • Task-board views
  • Numerous task and defect reports
  • Manage defects and defect suites
  • Record test cases against stories

Summary
With Rallydev you get a great product with features bursting at the seams. It’s easy and accessible and will allow you to very quickly integrate your business and requirements. In no time at all you can have your team trained, registered and working with your new management tool (especially with the Eclipse integration!). Smaller businesses can try it without restriction, which should really help spread the word for this great product and convert many CE users to paying Enterprise customers. Try Rallydev out today and, more importantly, let them know what you think!

Posted in Opinion, Technology | Comments

Latest Scam to Swindle British Tax Payer

Posted by pramatr on 13th October 2009

HMRC have recently warned of another phishing scam which has surfaced, telling people to review their fraudulent tax claims. For most people, seeing the words Tax and Fraudulent in the same sentence can immediately have them in a panic.

As usual with phishing scams, the address looks genuine but it’s spoofed. The header information suggests that the senders originate from Japan and the URL actually points to online.hmrc.gov.uk.neaazax.cn – don’t remember the Inland Revenue being moved to China.

The email links to a fake HMRC website and asks that you download and review a tax statement document. The website then opens an executable file on your machine which compromises the host machine. As usual with these types of social engineering, you should listen to common sense before clicking any links in unsolicited email. You can forward received spam on to phishing@hmrc.gsi.gov.uk for this particular scam, and there are many references out there which give help and advice related to phishing and social engineering.
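The check that exposes the link above, as an added example (not part of the original post): a hostname is read from the right, so the trusted name must be the suffix of the host, not merely appear somewhere inside it. The `TRUSTED` list, the function names and the scheme and path of the sample links are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Assumption for this example: only hmrc.gov.uk and its subdomains count as genuine.
TRUSTED = ("hmrc.gov.uk",)

# Host of the first link is taken from the post; everything else is constructed.
SAMPLE_LINKS = [
    "http://online.hmrc.gov.uk.neaazax.cn/statement",
    "https://online.hmrc.gov.uk/",
    "http://fakehmrc.gov.uk/",
]

def link_host(url):
    """Hostname the link really resolves to: lower-cased, no port, no trailing dot."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return parts.hostname.rstrip(".") if parts.hostname else None

def is_trusted(url):
    """True only for a trusted domain itself or a name ending in '.' + that domain."""
    host = link_host(url)
    return bool(host) and any(host == d or host.endswith("." + d) for d in TRUSTED)

def embeds_trusted_name(url):
    """True when a trusted domain appears as labels to the LEFT of another domain."""
    host = link_host(url)
    if not host or is_trusted(url):
        return False
    labels = host.split(".")
    for d in TRUSTED:
        want = d.split(".")
        # Stop one position short of the end: a match there would be a real suffix.
        for i in range(len(labels) - len(want)):
            if labels[i:i + len(want)] == want:
                return True
    return False

def classify(url):
    """Label a link as genuine, lookalike (trusted name used as a prefix) or untrusted."""
    if is_trusted(url):
        return "genuine"
    return "lookalike" if embeds_trusted_name(url) else "untrusted"

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify(link):10} {link_host(link)}")
```

The same comparison works in a mail filter or proxy rule: compare on whole labels with a leading dot, never with a plain substring search.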

Posted in Uncategorized | Comments

Compromised for Peanuts

Posted by pramatr on 12th October 2009

Recently 10,000+ Yahoo!, Hotmail, Gmail, AOL, Earthlink and Comcast etc. accounts were compromised through phishing scams and uploaded to places such as pastebin. Mass pandemonium ensued; various sites and even radio and television announced the breaking news. In one respect the scale of the hack was quite significant and the numbers quite hard to comprehend, but should we be recording this hack in the record books just yet?

A Record Breaker?
According to Rik Ferguson, a security researcher at Trend Micro, the number of accounts is not all that special; it’s “simply the ugly backside of online crime sticking out of the water for a second as they dive back into murkier depths“. On a regular day around the hacking ether you can find compromised accounts being sold and shared, and the numbers often go beyond the reported 20-30,000 hacked. For spammers, a collection of compromised accounts helps increase the chances of success: each account has an address book brimming with lists of trusted contacts waiting to fall victim.

So we don’t need to record this number just yet. However, if we remember that only accounts starting with the letters A and B have been made public so far, maybe this is a taste of more to come?

Cost of Accounts
To further rub salt into the wound, the actual financial reward of these 10,000 accounts is quite nominal. A quick look reveals 1,000 hacked accounts are charged at $15; taking the dealer’s bulk order discount, 10,000 hacked accounts cost you $120, with a 100% replacement guarantee if any account is invalid – with a great deal like that these hackers should be out selling cars!

It seems a measly 10,000 accounts isn’t even worth getting out of bed for.

Posted in Security | Comments

Mice from Mars

Posted by pramatr on 8th October 2009

Multitouch capabilities have been around for a little while now on mobile phones and laptops, but now Microsoft have added multitouch to the humble little mouse. In the video below, courtesy of Techflash, you can see several of Microsoft’s engineers showing off some space-age mice. One mouse’s surface detects touch and movement while the other does the same but with a camera – and the mouse with the antennas? Well, that’s just plain weird.

Posted in Technology | Comments