There are a couple of reasons why this is worrying. Firstly, a lot of businesses outsource their IT. So every time one of their employees needs to change their password, the employee has to bid their time, waiting to talk to an IT professional.
During this time, they are denied access to tools or information they need to do their job. What makes matters worse is that the employee is basically being paid to sit in a chair and wait for feedback from the IT department.
Another problem is how a helpdesk, either in-house or outsourced, can verify that the individual they are speaking to on the phone or communicating with via email is an actual employee. This process raises the likelihood of breaches and hacks.
Now, if you have a helpdesk that fails to verify the employee before changing passwords properly, you could have a situation where a random person calls, says that they are the CEO or owner of the company, and needs to change the password. Your company needs security protocols that can safeguard against scenarios like this.
This is where MicroFocus / NetIQ – Self-Service Password Reset (SSPR) can help. The technology takes the human error out of the equation, making it possible for you to manage passwords across your enterprise.