Virtualization Technology News and Information
Survey: 48% of Businesses Don't Use a User Verification Policy for Password Reset Calls to IT Service Desks
48% of organizations don't have a user verification policy in place for incoming calls to IT service desks, according to Specops Software. The information was uncovered as part of Specops Software's survey of more than 200 IT leaders from the private and public sectors in North America and Europe.

In addition, the survey found that 28% of the companies that actually do have a user verification policy in place are not satisfied with their current policy due to security and usability issues. For example, the majority of these companies rely on knowledge-based questions using static Active Directory information, such as an employee ID, a manager's name, or even HR-based information like the employee's date of birth or address - data that can easily be sourced by hackers. In fact, the National Institute of Standards and Technology (NIST) recommends against using knowledge-based questions because of their lack of security.

"Based on our recent findings, password resets at the service desk are a serious vulnerability for organizations of all sizes," said Marcus Kaber, CEO of Specops Software. "In the absence of a self-service password reset solution, it is up to the service desk agent to verify that the caller is the legitimate owner of the account before issuing a new password. Unfortunately, without a secure verification policy in place, service desk agents can provide account access to unauthorized users without even knowing it - exposing businesses to an increase risk of costly cybersecurity breaches."

Protect the IT Service Desk with Specops Secure Service Desk
Specops Secure Service Desk enforces user verification at the IT service desk and minimizes the risk for false user verification when resetting passwords. For instance, when an employee forgets their password, the employee will need to verify their identity via a one-time code sent to the mobile device associated with the user's Active Directory account. Once the user receives and confirms the code to the service desk agent, the employee's password can now be reset. By utilizing Specops Secure Service Desk, IT leaders can better equip their IT service desks and protect their organizations from unauthorized access to sensitive company data.

Get started with Specops Secure Service Desk by trying the solution for FREE here:

Published Monday, June 07, 2021 7:44 AM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<June 2021>