We've noticed a significant increase in the time our help desk spends on account recovery requests, now accounting for around 40% of our total workload. This has become especially problematic as we're transitioning our users to passwordless authentication. Users often forget to set up their passkeys on new devices or lose their phones, which eliminates their options for self-service recovery. As a result, they call the help desk, where we have to manually verify their identity and reset their access. This process is time-consuming and cannot scale effectively with our current staffing. What changes can we implement to address this issue since account recovery was never meant to become our primary help desk function?
5 Answers
We faced similar issues with two-factor authentication. A lot of users get new phones but forget to set up MFA again, leading to a flood of tickets. I suggest offering a backup method, like a YubiKey, so users have options in case their primary method fails.
Yeah, getting users to understand the importance of backup methods is critical to avoid these problems.
You might want to consider Microsoft Entra's Account Recovery feature. It allows users to verify their identity using Verified ID or biometrics, potentially reducing the need to contact support.
That sounds promising! The self-service flow they offer could definitely tackle some of our account recovery issues.
Absolutely, having a system like that in place could shift the burden away from the help desk and enable users to solve issues on their own.
Manual recovery processes are high-risk and not very secure. If your recovery requests are on the rise, so is your exposure to fraud. It’s essential to treat recovery as a controlled identity event rather than a help desk call.
That’s a valid point! We're working on making recovery more secure and less reliant on phone verification.
Secure recovery flows are definitely a must to minimize fraud risks.
With self-service password resets previously doing a lot of the heavy lifting, losing that capability puts more strain on help desks. The solution lies in redesigning the recovery process as a self-service flow with clear identity verification—this will scale better as our user base grows.
Right, figuring out how to create an efficient recovery flow is definitely a challenge we need to tackle.
Exactly! As long as recovery requires manual intervention, we've got a scaling issue.
It seems like a design issue rather than just a support problem. Passwordless authentication removed the credential but didn't create a solid recovery plan. Some teams have found success by requiring users to set up at least one recovery factor at the start, which can help avoid a bottleneck later.
I agree, having users set this up from the beginning is key. But getting them to actually do it is the challenge!
Totally! Planning for recovery on day one can save a lot of headaches later.
Great idea! Having multiple factors in place could definitely ease some of the burden on support.