Employee password resets continue to drive a big volume of service desk tickets. Aside from draining IT resources, they also introduce a security vulnerability to your organization. Can your service desk verify that a user is really who they say they are before handing over a new password to an attacker posing as one of your users? User verification at the service desk primarily often relies on knowledge-based questions using static Active Directory information that is vulnerable to targeted attacks, such as employee ID.