Question

  • Creator
    Topic
  • #2141696

    Verifying Users Requesting Password Changes

    by fhannaford ·

    Tags: 

    We are an MSP and often have client users request help with passwords. Looking for ‘current’ guidance on effective ways to verify people are who they say they are. It used to be that calling them worked, but so much spoofing of phone numbers and emails anymore that doesn’t seem very effective.
    Looking for what others are doing these days…

You are posting a reply to: Verifying Users Requesting Password Changes

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our Community FAQs for details. All submitted content is subject to our Terms of Use.

All Answers

  • Author
    Replies
    • #2417194
      Avatar photo

      I haven’t called in for password help in about 2 decades.

      by rproffitt ·

      In reply to Verifying Users Requesting Password Changes

      All major sites have a password reset feature. Almost all send a message to the user’s email or phone with a verification code for resets.

      I worry that you don’t have such a system as you are a MSP. How can your company be 20 years in the past?

    • #2415549

      Shoe on head

      by kevinwood ·

      In reply to Verifying Users Requesting Password Changes

      While we are not an MSP – for internal company password resets where we need person verification we make our staff take a picture of themselves with a shoe on their head – this ensures we get a real-time photo of them (who has access to another persons photo with a shoe on their head???) as well introduces a bit of shame on their part for putting themselves in this situation. This may not be an effective method for an MSP since it is likely more customers you are dealing with but you get the idea. I was in this situation for a password reset for Instagram and they asked for a real-time picture of myself holding piece of paper with a unique code they provided where they could verify my visual identity with other pictures on my account. Other than that a password reset link sent to a known e-mail address or SMS code to a known cell number would work as well. Hope that helps!

    • #2415524

      2FA method using SMS code on user´s cellphone

      by ireneodjr ·

      In reply to Verifying Users Requesting Password Changes

      So far, the combination of sending reset link to the registered e-mail and SMS code continues to be efficient in doing personal verification for password request changes, but for added security, you may also strat using some pre-configured security check questions like mother´s maiden name, or brand of the first car owned, etc…

    • #2415523

      MFA method using SMS code on user´s cellphone

      by ireneodjr ·

      In reply to Verifying Users Requesting Password Changes

      So far, the combination of sending reset link to the registered e-mail and SMS code continues to be efficient in doing personal verification for password request changes, but for added security, you may also strat using some pre-configured security check questions like mother´s maiden name, or brand of the first car owned, etc…

Viewing 3 reply threads