The helpdesk is a popular target for hackers. The most popular tactic used is social engineering. While social engineering is likely when using security questions, it is much less common if multi-factor authentication is used. A much needed feature in ManageEngines ADSelf service plus would be to have the a feature in it for the Service Desk team to verify the accounts of users (when they call in to request for a Unlock account or Password Reset), using any of their enrolled identity services, or by sending a text message to the mobile number associated with the user’s account.

Once a user has their identity verified, the helpdesk can then have the ADSSP generate a random character temporary password which can either be provide to the requesting user over call or send it by SMS or by email and require the user to change it at next login.