In many organizations, a disproportionate number of helpdesk calls are tied to password resets. Calling a remote user to request a password reset is not an effective tool for validating the user’s identity. The best way to overcome these challenges is to adopt a third-party password solution. There are several ways in which Specops Software can securely verify the identity of a user prior to performing a reset. A technician cannot reset a user’s password until the user has validated their identity, making it impossible for technician to perform an unauthorized password reset.
Source: https://thehackernews.com/2021/05/how-should-service-desk-reset-passwords.html