Survey: 48% of Businesses Don’t Use User Verification for IT Service Desk Calls

Specops software
Specops Software survey highlights social engineering vulnerabilities among IT service help desks

In addition, the survey found that 28% of the companies that actually do have a user verification policy in place are not satisfied with their current policy due to security and usability issues. For example, the majority of these companies rely on knowledge-based questions using static Active Directory information, such as an employee ID, a manager’s name, or even HR-based information like the employee’s date of birth or address – data that can easily be sourced by hackers. In fact, the National Institute of Standards and Technology (NIST) recommends against using knowledge-based questions because of their lack of security.

READ:  78 Innovators and Products Named 2021 Fortress Cyber Security Award Winners

“Based on our recent findings, password resets at the service desk are a serious vulnerability for organizations of all sizes,” said Marcus Kaber, CEO of Specops Software. “In the absence of a self-service password reset solution, it is up to the service desk agent to verify that the caller is the legitimate owner of the account before issuing a new password. Unfortunately, without a secure verification policy in place, service desk agents can provide account access to unauthorized users without even knowing it – exposing businesses to an increased risk of costly cybersecurity breaches.”

Specops Secure Service Desk enforces user verification at the IT service desk and minimizes the risk for false user verification when resetting passwords. For more information, visit

Thanks for visiting! MyChesCo brings reliable information and resources to Chester County, Pennsylvania. Please consider supporting us in our efforts. Your generous donation will help us continue this work and keep it free of charge. Show your support today by clicking here and becoming a patron.

Leave a Reply