They typically call from an internal number or via Teams. Both of those tend to be decent verifications, coupled with the fact that despite us being a relatively mid to large company - we tend to know most of the people here or have at least see or heard from them once or twice before. 

Spice (4) flagReport

Was this post helpful? thumb_up thumb_down

We have them fax us a copy of their username/password. Cuts down heavily on the annoying tickets.

In all seriousness we frequently ask who they are, then search their account through our support tool, so see where they are logged in. We ask them to identify the sticker we applied to their device, and typically it matches what we see in Goverlan they are logged into.

If they call in, the phone number they call from is usually an internal number. Unless they are having problems getting VPN working, we can still connect to them via our support tools.  If they are having VPN issues we can usually log their logins using DUO, or setup a teams chat with them to verify it is them, and troubleshoot through screen sharing.

Teams and Goverlan have been two tools that have dramatically changed our support times for remote workers, and frankly on prem workers.

Spice (4) flagReport

1 found this helpful thumb_up thumb_down

Our self service password reset tool also allows us to send them a random code to their phone that they then need to read back.

Spice (2) flagReport

Was this post helpful? thumb_up thumb_down

Most of our company went remote in 2020 and we have now hired more out of state employees. We were once at a place where every one new who one was. no more Cheers! 

Name, location, program, and  internal employee ID number

I was going to suggest carrier pegions vs fax

We only support about 75 internal users. Most of the time they don't even have to tell me who they are, I recognize their voice. When we have new users, other staff that we know normally call on their behalf, so we get to know those new users slowly. We've never had an issue with anything nefarious going on, and never any social engineering (even from internal users).

As others have said, being relatively small - about 150 users, we often recognize them by voice.  Even then, generally if they are in one of our remote offices, we'll send an email to another staff in that location with a code word or number and have the another staff in the office verify who we are talking to.  If they are working from home or somewhere else where there are no other staff, we will ask for additional information - such as their email address, cell phone number, copier code, employee ID number.  If we have their personal cell phone on record we may check the caller ID or call them back on their cell.  Sometimes we get a call for a password reset from someone who is at home, not working, but knows they will need a password reset on a late shift.  In that case we won't give them them a password over the phone, but we will email a temp password to their supervisor to give to them. 

We can send them a Duo push for verification but this is rarely necessary.  Most of the time we recognize them.

Microsoft Teams is the default communication option. Sometimes internal phones or business/private cell phones are used. Occasionally we push a verification code over email/phone, but that is a scarce case.