How are your Help Desks verifying the identity of end-users prior performing activities like password and MFA factor resets?

Identity & Access Management (IAM)Security
1.8k viewscircle icon5 Comments
Sort by:
Chief Supply Chain Officer in Government6 months ago

We don't have nor do we want self service password resets.
We require challenge question responses via in-person (preferred) or phone via their manager/supervisor.

Lightbulb on1 circle icon2 Replies
no title6 months ago

How are you verifying that the person on the phone is who they say they are?  Isn't that how MGM got popped?  In an enterprise with more than one location that's going to be a problem.

Lightbulb on1
no title6 months ago

Hi Doug,<br>As the comment said - "Via their Supervisor/Manager"<br>They verify their identity first.<br>The supervisor/manager works directly with them on a daily basis and would know if it's them or not.

Lightbulb on1
CISO in IT Services6 months ago

Help Desk Teams are verifying the identity of end-users prior to performing activities like password and MFA resets via a few ways. Some utilize another form of 2FA or MFA as users are usually required to have a few ways of identity verification like something you know, something you have, or something you are. Self-Service Password Reset (SSPR) allows users to reset passwords on their own using predefined verification methods, which helps lower these help desk requests. We love conditional access policies to enforce verification steps based on the user’s location, device, or risk level. Verify explicitly by always using strong authentication methods and ensuring compliance before authorizing.

Lightbulb on1
Director, Special Projects, IT/OT Security in Energy and Utilities6 months ago

Challenge questions.

Lightbulb on1

Content you might like

Are you concerned about network security for your remote workers?

Not concerned at all8%

Slightly concerned49%

Moderately concerned26%

Significantly concerned14%

It’s our top priority1%

View Results

Which of the following category of endpoints represents the weakest security in your organization?

Laptops18%

Mobile devices49%

IoT16%

Network infrastructure7%

Servers2%

Cloud infrastructure3%

Other (please comment below)1%

View Results

Do you have any tips to boost the SOC/security operations team’s visibility into IAM? Have you managed to effectively close that gap at your organization?

What tools are being used for patching systems (especially the non-Windows ones such as Linux, Unix, etc.)?

Does anyone have any guidance on how to measure IT Service Desk effectiveness and alignment with customer needs?  We have a number of measures in place to measure productivity and effectiveness; however, I believe that the IT Service Desk needs to be aligned with the constantly changing needs of its "customers". What is the best way to measure this?