How Should the Service Desk Reset Passwords?

Service Desk Reset Passwords
Share It On:

10th May 2021, Kathmandu

Now and then, when employees forget passwords, they call the service desk to change or reset them. The help desk does other tasks too, but the average help desk assistant claims they reset passwords all day. In most organizations, a disproportionate amount of help desk calls are tied to reset passwords.

It may not seem to be a big deal having help desk assistants fixing passwords; after all, they open active directory users and computers, right-clicks on the user account, and closes the reset password command from the shortcut menu. This process is much easier. According to preference, organizations can even opt to use an alternative tool such as the Windows Admin Center or even PowerShell.

However, People fail to recognize the security risk involved with the password reset process; that’s why it is necessary to secure the password reset process.

Security at the Service Desk

According to a Service Desk Institute Research, 35% of organizations don’t get secure management to approve the reset process done by the service desk or analyst, and the other 65% is used for questioning data and resources readily available for criminals.

To provide a password to a legitimate user, including penetration tests such as identity verification to minimize the security issue. When there’s no authentication process assigned by management, there is a chance that the administration will provide a password to the wrong user. The IT-based solution is needed for identity verification, yet management should define the process performed by service desk analysts. The authentication process must be based on dynamic information because static information is too easy to get into.

The user’s caller IP can also be used as validation tools sometimes. Nevertheless, the caller’s identity doesn’t eliminate the risk of another user impersonating to seek help from that user’s desk. It’s still unsafe and easy to spoof caller ID information as people call from an outside line remotely. This technique is used by telemarketers and telephone scammers most of the time. Due to this reason, caller ID cannot be trusted.

The security question is another common validation technique asking random questions about pet names and born addresses. It poses the most obvious security risk that is the internet makes it easy to gather personal information about people. If the question is known, attackers may search for relative answers to that question. Also, wrong-minded technicians may misuse the information as they know all the answers to such questions.

So, the main point is even unethical technicians can be a threat as they can perform an unrequested password reset. They may take advantage of users who are on leave, vacations, or away from work.

Best Practice for Service Desk

Adoption of third party password solution can be used to securely verify a user’s identity for resetting passwords, such as sending a one-time code to the user’s mobile device, multi-factor identity verification which will make it impossible for technicians to perform an unauthorized password reset and enrollment notifications on mails or from any active directory on user’s device. These methods can be used for securing the whole process without causing trouble to the users.


Share It On:

Recent Posts

Citizens Bank 11.11 Deals: Exclusive Discounts on Daraz

Citizens Bank 11.11 Deals: Exclusive Discounts on Daraz

Share It On:5th November 2024, Kathmandu Citizens Bank International Limited signed an agreement with Nepal’s leading online marketplace, Daraz, to

Local Talent Shines in Cybersecurity: Bipu Ojha and Tuan Khuat Win CDU IT CodeFair CTF

Local Talent Shines in Cybersecurity: Bipu Ojha and Tuan Khuat

Share It On:5th November 2024, Kathmandu Bipu Ojha and his teammate Tuan Khuat have emerged as winners in the prestigious

CEDB Hydropower’s Extraordinary General Meeting Concluded: Five Directors Elected

CEDB Hydropower’s Extraordinary General Meeting Concluded: Five Directors Elected

Share It On: 5th November 2024, Kathmandu CEDB Hydropower Development Company Limited has successfully concluded its extraordinary general meeting. CEDB

Government’s Journalist Accident Insurance Program: Apply Now For Your Protection

Government’s Journalist Accident Insurance Program: Apply Now For Your Protection

Share It On: 5th November, Kathmandu The Department of Information and Broadcasting has announced the launch of a new insurance

Nepal Life’s Property Acquisition in Hetauda: A Strategic Move For Growth

Nepal Life’s Property Acquisition in Hetauda: A Strategic Move For

Share It On:5th November, Kathmandu Nepal Life Insurance, a leading life insurance company in Nepal, has recently expanded its footprint

Global IME Dividend Announcement: Key Book Closure Date Revealed

Global IME Dividend Announcement: Key Book Closure Date Revealed

Share It On:5th November 2024, Kathmandu Global IME Bank has good news for its shareholders! The bank has announced a