Key points
- Each password reset costs about $70 and remains one of the most common helpdesk requests.
- Attackers target password resets to bypass MFA and gain valid credentials through social engineering.
- The April 2025 Marks & Spencer breach shows a service-desk reset led to AD compromise, credential cracking, lateral movement, and ransomware.
- Specops Secure Service Desk enforces mandatory identity verification using one-time codes or existing identity providers to prevent fraudulent resets.
- Best practices include promoting SSPR adoption, issuing strong temporary credentials, monitoring reset activity, and training the helpdesk.
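The "monitoring reset activity" practice above is the one a defender can start on immediately, because every reset performed by a helpdesk agent leaves a Windows Security event. The script below is an added example, not code from the article or from Specops: it runs three checks over constructed sample events, flagging resets that have no matching verified service-desk ticket, resets of accounts that should never go through the helpdesk path, and bursts of resets by a single agent. Event ID 4724 ("An attempt was made to reset an account's password") and 4723 (a user changing their own password) are real Windows Security event IDs; the account names, ticket records, protected-account list and thresholds are assumptions made up for the example.

```python
"""Flag suspicious helpdesk password resets from Windows Security events.

Added example with constructed sample data. Event IDs 4724 (password reset
by another account) and 4723 (user changed own password) are real Windows
Security events; every name, ticket and threshold below is made up.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. "subject" mirrors SubjectUserName (who performed
# the reset) and "target" mirrors TargetUserName (whose password was reset).
EVENTS = [
    {"time": "2025-04-17T09:02:11", "id": 4724, "subject": "hd-alice", "target": "jsmith"},
    {"time": "2025-04-17T09:05:40", "id": 4724, "subject": "hd-alice", "target": "svc-backup"},
    {"time": "2025-04-17T09:06:02", "id": 4724, "subject": "hd-bob",   "target": "da-admin01"},
    {"time": "2025-04-17T09:06:30", "id": 4724, "subject": "hd-bob",   "target": "mlee"},
    {"time": "2025-04-17T09:07:05", "id": 4724, "subject": "hd-bob",   "target": "kpatel"},
    {"time": "2025-04-17T09:07:44", "id": 4724, "subject": "hd-bob",   "target": "rgarcia"},
    {"time": "2025-04-17T11:30:00", "id": 4723, "subject": "jsmith",   "target": "jsmith"},
]

# Constructed: (agent, user) pairs the service desk recorded after verifying
# the caller's identity. A reset without such a record is unverified.
VERIFIED_TICKETS = {("hd-alice", "jsmith"), ("hd-bob", "mlee")}

# Constructed: privileged and service accounts that must never be reset
# through the helpdesk path at all.
PROTECTED_ACCOUNTS = {"da-admin01", "svc-backup"}

BURST_LIMIT = 3                       # more than this many resets by one agent
BURST_WINDOW = timedelta(minutes=5)   # inside this window counts as a burst


def _ts(event):
    """Parse the event's ISO-8601 timestamp."""
    return datetime.fromisoformat(event["time"])


def find_suspicious_resets(events, verified, protected,
                           burst_limit=BURST_LIMIT, burst_window=BURST_WINDOW):
    """Return a list of (reason, detail) pairs for resets that merit review.

    Only 4724 events are resets performed on someone else's account; 4723
    self-service changes are ignored here.
    """
    findings = []
    resets = [e for e in events if e["id"] == 4724]
    per_agent = defaultdict(list)

    for e in resets:
        if (e["subject"], e["target"]) not in verified:
            findings.append(("no_verified_ticket", e))
        if e["target"] in protected:
            findings.append(("protected_target", e))
        per_agent[e["subject"]].append(e)

    # Burst check: for each agent, slide a window over their resets in time
    # order and report the first window that exceeds the limit.
    for agent, evs in per_agent.items():
        evs.sort(key=_ts)
        for start in evs:
            window = [x for x in evs if _ts(start) <= _ts(x) <= _ts(start) + burst_window]
            if len(window) > burst_limit:
                findings.append(("reset_burst", {"subject": agent,
                                                 "count": len(window),
                                                 "start": start["time"]}))
                break
    return findings


def summarize(findings):
    """Count findings per reason, e.g. for a daily review report."""
    counts = defaultdict(int)
    for reason, _ in findings:
        counts[reason] += 1
    return dict(counts)


if __name__ == "__main__":
    for reason, detail in find_suspicious_resets(EVENTS, VERIFIED_TICKETS, PROTECTED_ACCOUNTS):
        print(f"{reason:20} {detail}")
    print(summarize(find_suspicious_resets(EVENTS, VERIFIED_TICKETS, PROTECTED_ACCOUNTS)))
```

In a real deployment the verified-ticket set would come from the service-desk system rather than a hard-coded set, and the events from the domain controllers' Security logs; the point of the three checks is that a social-engineered reset typically shows up as a reset with no verification record, a reset of a high-value account, or an agent resetting several accounts in quick succession.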
Read More: https://www.bleepingcomputer.com/news/security/regular-password-resets-arent-as-safe-as-you-think/