The biggest challenge of password reset is to reliably authenticate the user. The larger the company and the higher the number of locations, the less likely it is that employees and IT administration know each other personally. Nevertheless, an identity for resetting passwords must be proven.
Since the helpdesk is usually not available at all locations or is even completely outsourced, employees only have the opportunity to come by in person with an ID card in exceptional cases. The occasional practice of faxing or emailing a copy of the ID is not only insecure, but also inconvenient. A call to the helpdesk with the appropriate extension number? Unfortunately, the appearance of security with this method is also deceptive.
Many companies therefore outsource the task to so-called key users who are contacted on site by those seeking help. The fact that requests for password resets rise sharply after holiday periods and tie up departmental capacities is often accepted. Not to forget: such processes can only be audited to a very limited extent.