TL;DR: Identity-related breaches rose sharply in RSA’s 2026 ID IQ Report, with 69% of organisations affected in the last three years and 24% reporting breach costs above $10M, while 90% said passwordless adoption still faces challenges. The data shows identity governance, service desk controls, and recovery discipline are now board-level security issues, not narrow IAM concerns.
NHIMG editorial — based on content published by RSA Security: the 2026 RSA ID IQ Report
By the numbers:
- 69% of organisations experienced an identity-related breach in the last three years.
- 24% of organisations said identity-related breach costs exceeded $10M.
Questions worth separating out
Q: How should security teams defend against help desk hijacking in identity workflows?
A: They should treat the service desk as part of the identity perimeter.
Q: Why do passwordless programmes stall even when organisations want stronger authentication?
A: They stall because passwordless removes the password but not the surrounding operational dependencies.
Q: What breaks when identity recovery is easier than primary authentication?
A: The trust model breaks.
Practitioner guidance
- Harden service desk identity proofing: Require stronger verification for password resets, MFA changes, recovery overrides, and privileged account support requests.
- Map every passwordless fallback path: Document what happens when a user loses a device, cannot complete enrolment, or needs emergency access.
- Treat recovery flows as access controls: Review support and recovery workflows as if they were privileged administrative functions.
What's in the full report
RSA Security's full report covers the operational detail this post intentionally leaves for the source:
- Question-level breakdown of the survey methodology and respondent profile behind the 2,100-person dataset
- Country-level comparisons showing how German identity breach experience differs from the global baseline
- Additional reporting on passwordless adoption barriers and the operational reasons organisations stall
- Webinar context from RSA leadership on how the findings were presented and discussed