Featured Tutorials
The Death of Security Questions: Why Identity Proofing Is the Future of Service Desk Security
The Death of Security Questions: Why Identity Proofing Is the Future of Service Desk Security For years, organizations have focused on strengthening authentication. They deployed multi-factor authentication (MFA), rolled out passwordless initiatives, enforced Conditional Access policies, and invested heavily in identity security. Yet account takeovers continue to happen. Why? Because attackers have discovered something many security teams overlook: The easiest way to bypass identity controls isn't to attack the technology. It's to attack the people operating it. And nowhere is this more evident than the service desk. The Service Desk Has Become Your Largest Authentication System Think about the last password reset request your help desk handled. An employee calls because they're locked out. The service desk agent asks a few questions. The answers sound legitimate. The password gets reset. Access is restored. At first glance, this seems like a routine support interaction. In reality, something much more important just happened. Your help desk performed an authentication event. The agent made a security decision: "Is this person really who they claim to be?" That decision may provide access to Microsoft 365, VPNs, cloud applications, privileged systems, and sensitive business data. In many organizations, the service desk has become a manual identity provider. The problem is that most help desks still rely on verification methods designed for a world that no longer exists. The Information Advantage Is Gone Traditional verification methods assume that personal and organizational information remains private. Support teams commonly ask for: Employee IDs Department names Manager names Office locations Phone numbers Security questions Twenty years ago, these questions worked. Today, they often provide little meaningful assurance. Modern attackers can gather information from: LinkedIn Corporate websites Social media Public records Previous data breaches Phishing campaigns Data broker services Many attackers know as much about an employee as the help desk does.
Become a Student of ATA Learning
In-depth, straight to the point, no-nonsense technical tutorials that teach you all the in and outs of the latest (and time-tested) technology today.
- Example-driven tutorials from subject matter experts.
- Carefully edited to ensure ATA quality.
- Written so everyone can understand.
Share your knowledge (and get paid)
Do you know a thing or two about IT, cloud or DevOps? Join us an instructor to share your knowledge, improve your writing and get paid!
- Earn money for your years of hard-earned knowledge!
- Grow as a tech writer with our extensive feedback and proven editing process.
- Meet other technology experts by joining our community.
Reach hundreds of thousands of tech learners every month
Over 1 million monthly IT, DevOps and cloud professionals can't be wrong. Get your product or service in front of our engaged audience.
- Over 1 million monthly visitors and growing!
- Flexible advertising and sponsorship opportunities.
- Custom content creation around your product target to your customers.
Our Team
Adam Bertram
Founder
Adam Listek
Director
Rochella Caguin
Content Manager
Matt Zandee
Partnership Manager
Arman Castillote
Editor
