Specops Software Survey: 48% of Businesses Do Not Use a User Verification Policy for Password Reset Calls to IT Service Desks

Specops Software survey highlights social engineering vulnerabilities among IT service help desks. 

48% of organizations do not have a user verification policy in place for incoming calls to IT service desks, according to Specops Software, the leading provider of password management and authentication solutions. The information was uncovered as part of Specops Software’s survey of more than 200 IT leaders from the private and public sectors in North America and Europe.  

In addition, the survey found that 28% of the companies that do have a user verification policy in place are not satisfied with their current policy due to security and usability issues. For example, most of these companies rely on knowledge-based questions using static Active Directory information, such as an employee ID, a manager’s name, or even HR-based information like the employee’s date of birth or address – data that can easily be sourced by hackers. In fact, the National Institute of Standards and Technology (NIST) recommends against using knowledge-based questions because of their lack of security. 

“Based on our recent findings, password resets at the service desk are a serious vulnerability for organizations of all sizes,” said Marcus Kaber, CEO of Specops Software. “In the absence of a self-service password reset solution, it is up to the service desk agent to verify that the caller is the legitimate owner of the account before issuing a new password. Unfortunately, without a secure verification policy in place, service desk agents can provide account access to unauthorized users without even knowing it – exposing businesses to an increased risk of costly cybersecurity breaches.”  


Protect the IT Service Desk with Specops Secure Service Desk 

Specops Secure Service Desk enforces user verification at the IT service desk and minimizes the risk of false user verification when resetting passwords. For instance, when an employee forgets their password, they must verify their identity with a one-time code sent to the mobile device associated with their Active Directory account. Once the employee receives the code and confirms it to the service desk agent, the password can be reset. By utilizing Specops Secure Service Desk, IT leaders can better equip their IT service desks and protect their organizations from unauthorized access to sensitive company data.

Get started with Specops Secure Service Desk by trying the solution for FREE. 

About Specops Software  

Specops Software is the leading provider of password management and authentication solutions. Specops protects your business data by blocking weak passwords and securing user authentication. With a complete portfolio of solutions natively integrated with Active Directory, Specops ensures sensitive data is stored on-premises and in your control. Every day, thousands of organizations use Specops Software to protect business data.

(Last updated on October 19, 2022)
