
Why SMS and Email Aren’t Sufficient for Identity Verification Today


Everyone’s thinking about impersonation attempts and identity theft nowadays. However, not every vendor with an identity verification solution will offer the same level of security to your technicians and end users. 

When it comes to password reset and account unlock tickets, there are three common ways to verify end user identities and confirm requests are legitimate: email verification messages, SMS or text messaging, or a dedicated application. 

Today, we’ll dive into verification via each of these three channels and the benefits and downsides of each. We’ll discuss the most secure way to verify your customer identities, and help you dismiss legacy identity verification providers and so-called “thought leaders” that are peddling products that are vulnerable to exploitation.

Identity Verification via SMS or Text Messaging

Text messages are quick and convenient. Although an end user can easily read out six-digit verification codes on a call, identity verification via SMS is the least secure way to authenticate an IT request. 

In fact, regulatory bodies and lawmakers specifically call out verification via SMS as insufficient to align with security best practices. For example, the New York Department of Financial Services (NYDFS) does not recommend authenticating via SMS and voice messages, since this leaves companies vulnerable to SIM swapping attacks, where an attacker can steal a user’s phone number and intercept messages and authentication codes to get access to a target’s environments.

While an SMS verification may be convenient for an end user, it’s hardly ideal for an IT team trying to align with cybersecurity best practices. 

Identity Verification via Email

Verification emails are significantly more secure, since these accounts are secured by passwords or Multi-Factor Authentication (MFA) – and by requiring an end user to verify with a work email, you can implement greater controls over who can access your organization’s resources.

But it’s not perfect. Customers can still fall for sophisticated phishing emails, engineered to alarm users into taking action. Moreover, security experts have pointed out that it’s far too easy for a threat actor to find an end user’s personal or work-related email address from social networks, or other work-related resources. 

Identity Verification via Mobile App

Ultimately, the most secure authentication method for a customer is a dedicated application for customer identity verification. Ideally, a secure app can utilize your phone’s built-in biometrics to confirm your identity or your unique passcode to confirm your request is legitimate, enabling ticket resolution and making the most of your device’s native security measures.

While MSPs and help desks may face an uphill battle convincing customers to adopt a dedicated application rather than one of the two pre-existing methods, a dedicated application is purpose-built to ensure a company’s internal security.

See the Difference with CyberQP Customer Workforce Verification

At CyberQP, we’re keeping a continuous eye on the evolution of identity-centric threats, from age-old tactics like phishing emails to emergent threats like AI-powered impersonators launching vishing attempts against help desks.

We understand that MSPs and help desks face a delicate balancing act between offering a convenient support experience to end users and making sure they’re not leaving their digital environments open to malicious actors. That’s why CyberQP Customer Workforce Verification gives an end user multiple ways to verify their identity, including a biometric-supported mobile app, SMS, and email confirmations.

Technicians can also go one step further with CyberQP Help Desk Security Automation, and resolve account management issues (like password resets and locked accounts) from within their PSA.

Ready to see what we can do for your help desk? Learn more about the CyberQP Platform now.