How Should the Service Desk Reset Passwords?

Service Desk Reset Passwords
Share It On:

10th May 2021, Kathmandu

Now and then, when employees forget passwords, they call the service desk to change or reset them. The help desk does other tasks too, but the average help desk assistant claims they reset passwords all day. In most organizations, a disproportionate amount of help desk calls are tied to reset passwords.

It may not seem to be a big deal having help desk assistants fixing passwords; after all, they open active directory users and computers, right-clicks on the user account, and closes the reset password command from the shortcut menu. This process is much easier. According to preference, organizations can even opt to use an alternative tool such as the Windows Admin Center or even PowerShell.

However, People fail to recognize the security risk involved with the password reset process; that’s why it is necessary to secure the password reset process.

Security at the Service Desk

According to a Service Desk Institute Research, 35% of organizations don’t get secure management to approve the reset process done by the service desk or analyst, and the other 65% is used for questioning data and resources readily available for criminals.

To provide a password to a legitimate user, including penetration tests such as identity verification to minimize the security issue. When there’s no authentication process assigned by management, there is a chance that the administration will provide a password to the wrong user. The IT-based solution is needed for identity verification, yet management should define the process performed by service desk analysts. The authentication process must be based on dynamic information because static information is too easy to get into.

The user’s caller IP can also be used as validation tools sometimes. Nevertheless, the caller’s identity doesn’t eliminate the risk of another user impersonating to seek help from that user’s desk. It’s still unsafe and easy to spoof caller ID information as people call from an outside line remotely. This technique is used by telemarketers and telephone scammers most of the time. Due to this reason, caller ID cannot be trusted.

The security question is another common validation technique asking random questions about pet names and born addresses. It poses the most obvious security risk that is the internet makes it easy to gather personal information about people. If the question is known, attackers may search for relative answers to that question. Also, wrong-minded technicians may misuse the information as they know all the answers to such questions.

So, the main point is even unethical technicians can be a threat as they can perform an unrequested password reset. They may take advantage of users who are on leave, vacations, or away from work.

Best Practice for Service Desk

Adoption of third party password solution can be used to securely verify a user’s identity for resetting passwords, such as sending a one-time code to the user’s mobile device, multi-factor identity verification which will make it impossible for technicians to perform an unauthorized password reset and enrollment notifications on mails or from any active directory on user’s device. These methods can be used for securing the whole process without causing trouble to the users.


Share It On:

Recent Posts

Liberty Energy Rights Shares Offering: Eligibility, Application Process, and Future Plans

Liberty Energy Rights Shares Offering: Eligibility, Application Process, and Future

Share It On:22nd November 2024, Kathmandu Liberty Energy Company Limited is gearing up to issue rights shares starting December 1,

Asha Laghubitta’s 8th AGM 2024: Key Decisions and Future Plans

Asha Laghubitta’s 8th AGM 2024: Key Decisions and Future Plans

Share It On:22nd November 2024, Kathmandu Asha Laghubitta Bittiya Sanstha is holding its 8th Annual General Meeting (AGM) today, November

6th Asian Population Conference 2024 in Nepal: Advancing Sexual and Reproductive Health Policies

6th Asian Population Conference 2024 in Nepal: Advancing Sexual and

Share It On: 21st November, Kathmandu Nepal is set to host the 6th Asian Population Conference from November 27 to

Kumari Bank Promoter Share Sale: Eligibility, Application Process, and Price

Kumari Bank Promoter Share Sale: Eligibility, Application Process, and Price

Share It On:21st November, Kathmandu Kumari Bank Limited has officially declared its intention to sell a substantial number of promoter

Up to NPR 150 Cashback on Nepal Telecom and Ncell Services with Namaste Pay

Up to NPR 150 Cashback on Nepal Telecom and Ncell

Share It On:21st November, Kathmandu Namaste Pay has unveiled an exciting new campaign to reward its users with cashback on

Ncell introduces innovative feature, enabling customers to convert voice to data or data to voice services

Ncell introduces innovative feature, enabling customers to convert voice to

Share It On:21st November, Kathmandu Ncell customers can enjoy an innovative feature that allows them to convert or exchange remaining