If your organization has a service desk to handle password resets, remember that password reset tickets are an opportunity for hackers. A vendor, customer, or employee’s account remains vulnerable when they forget the password. In addition, your service desk can create more vulnerability if you fail to follow password management best practices. So what are the password management best practices that the IT service desk must follow? In this article at The Hacker News, the author explains how the service desk must reset passwords.
Improving Security During Password Resets
“One thing that most people probably do not stop and think about, however, is that even though the steps involved in the password reset process are simple enough, the process as a whole constitutes a major security risk,” explains the author.
Service desks are often a target of attacks. Therefore, get your own security house in order by securing your machines. When users call or raise a ticket for a password reset, start with the user verification process: ensure that the user owns the account. The verification process must be difficult for hackers to get past. Ask a series of questions based on the user's personal information that is difficult for hackers to find. In addition, use multi-factor authentication (MFA) to verify users.
Say ‘NO’ to Temporary Passwords
Some service desks provide temporary passwords to users. However, this is not a preferred approach because at least two people know the password. Further, the password has to be conveyed to the user, which opens an opportunity for infiltration. If you cannot avoid using temporary passwords, follow these guidelines:
- Create a unique password for each user. Never use the same temporary password for everyone.
- Use long passwords that contain random characters, not words.
- Use a mix of lowercase, numbers, special characters, and uppercase.
Once you set a temporary password for a user, ensure that they change it to something unique. Furthermore, whatever password the user comes up with must also be strong.
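The guidelines above can be put into code as follows. This is an added example, not code from the original article: the function names, the 20-character length, the 12-character minimum for the replacement password, and the in-memory record are all assumptions.

```python
import secrets
import string

# Assumed policy values (the article only says "long", "random" and "a mix").
TEMP_LENGTH = 20
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)


def has_all_classes(password):
    """True when lowercase, uppercase, a digit and a special character all occur."""
    return all(any(ch in cls for ch in password) for cls in CLASSES)


def new_temp_password(length=TEMP_LENGTH):
    """Draw random characters from the OS CSPRNG until every class is present."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(candidate):
            return candidate


def issue_temp_passwords(usernames):
    """Give each user a distinct temporary password, flagged for forced change."""
    issued, seen = {}, set()
    for user in usernames:
        temp = new_temp_password()
        while temp in seen:  # never hand the same value to two users
            temp = new_temp_password()
        seen.add(temp)
        # Constructed in-memory record; a real directory stores only a hash.
        issued[user] = {"temp": temp, "must_change": True}
    return issued


def accept_new_password(record, new_password, min_length=12):
    """Clear must_change only when the replacement is not the temp and is strong."""
    if new_password == record["temp"]:
        return False  # the user kept the password the service desk knows
    if len(new_password) < min_length or not has_all_classes(new_password):
        return False  # assumed strength rule: length plus all four classes
    record["must_change"] = False
    record["temp"] = None
    return True
```

Because the account stays flagged until `accept_new_password` succeeds, the password known to the service desk cannot remain the user's long-term credential.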
To read the original article, click on https://thehackernews.com/2021/05/how-should-service-desk-reset-passwords.html.