Hello
I work at a IT company and I have been tasked with creating a policy for how we do password changes for clients.
We have clients in all fields at different companies and we need to establish a secure way for our helpdesk to verify the person before we perform a password reset.
The company wants this to be human controlled and does not plan on spending any money for a password reset program or an authentication system.
My thought was to leave it up to the clients, for example have 2-3 people designated at the clients office who are the only people we will accept password reset requests from, they would be the point of contact to us and would forward requests.
My other thought is that when some calls us we would request a co workers/supervisors email address ( and confirm that address in our system) then send the reset password to them.
What do you all think, and or anyone got some good suggestions for me?
Thanks.
I work at a IT company and I have been tasked with creating a policy for how we do password changes for clients.
We have clients in all fields at different companies and we need to establish a secure way for our helpdesk to verify the person before we perform a password reset.
The company wants this to be human controlled and does not plan on spending any money for a password reset program or an authentication system.
My thought was to leave it up to the clients, for example have 2-3 people designated at the clients office who are the only people we will accept password reset requests from, they would be the point of contact to us and would forward requests.
My other thought is that when some calls us we would request a co workers/supervisors email address ( and confirm that address in our system) then send the reset password to them.
What do you all think, and or anyone got some good suggestions for me?
Thanks.
Last edited: