Resetting Passwords (and Saving Time and Money) at the IT Help Desk
According to Gartner, 40% of all help desk calls are related to password resets — and those calls are expensive, with Forrester finding each password reset call costs an organization $70.
So it comes as no surprise that most businesses want to improve the productivity of their IT help desks and address the password reset cost problem. Many consider self-service solutions, possibly secured with Duo MFA, to help.
However, even the best self-service solution won’t eliminate all calls like these. And because help desk agents might feel pressure to reduce their ticket times (because time is money, after all) the focus on security can sometimes lapse.
For example, without a solution to enforce user identification at the help desk, organizations often rely on insecure methods like employee ID, which are vulnerable to a social engineering attack.
“Unfortunately, a lot of the methods currently used to verify users at the service desk today are insecure. Whether it’s employee ID or relying on recognizing someone’s voice, IT departments can do better.” —Darren Siegel, Product Specialist, Specops Software
Instead, IT teams can leverage solutions like Specops Secure Service Desk and Duo to address the need for improved efficiency and security.
How It Works
The help desk agent begins by looking up the user asking for assistance. Once they’re selected from the search results, we see a number of Quick Verification options, including Duo.
The options within Duo are dynamic, based on the user’s Duo enrollment. Duo Push is the easiest method, but if that’s unavailable the help desk can also request the one-time password (OTP) within the Duo app, or send an OTP via Duo SMS.
The user will receive a push notification on their device, with information about the help desk agent who requested it.
Once the user taps Approve, the agent will see they are verified. The Reset Password option is now unlocked as well.
Once verified, the help desk agent can reset that user’s password right from Secure Service Desk and, if enabled, share the link to complete their self-service enrollment.
On the Reset Password screen, the agent is presented with the password policy rules for the end user (this works with native Active Directory password policies or Specops Password Policy as shown here). The user will need to change their password again at the next logon.
No Extra Enrollment Steps
When your users are already enrolled with Duo and have the Duo Mobile app installed, there are zero extra steps for them to take to verify their identities at the help desk with Specops Secure Service Desk.
Secure Service Desk is part of a larger authentication platform that enables self-service for password resets and encryption key recoveries. When used together, the solution can offer a consistent authentication process for users across all scenarios, utilizing Duo and more.
Do you need a secure process to verify users at the help desk? See how Secure Service Desk can help.