As someone who worked for an MSP, not all customers believe that they require these security measures. Especially smaller companies would jest they were too small to be a hacking target.
Many users would call in saying their users didn’t work, while in truth their password was expired. We would tell them to use the sspr, and they would call back 10-15 min later and say that the sspr didn’t work. So instead of going through the steps to troubleshoot something in front of them, to prove that they were lying, we would set pwgen passwords and depending on when they called and their attitude we had a scoring system and use their score for the pwgen command. After some time of doing this, fewer users would call in and more of them would learn to use the sspr
Yea MSPs can’t do this because they typically support a bunch of businesses so small they barely need anything and aren’t worth attacking because there is no money to ransom. My comment is from the major Corp IT perspective
As someone who worked for an MSP, not all customers believe that they require these security measures. Especially smaller companies would jest they were too small to be a hacking target.
Many users would call in saying their users didn’t work, while in truth their password was expired. We would tell them to use the sspr, and they would call back 10-15 min later and say that the sspr didn’t work. So instead of going through the steps to troubleshoot something in front of them, to prove that they were lying, we would set pwgen passwords and depending on when they called and their attitude we had a scoring system and use their score for the pwgen command. After some time of doing this, fewer users would call in and more of them would learn to use the sspr
Yea MSPs can’t do this because they typically support a bunch of businesses so small they barely need anything and aren’t worth attacking because there is no money to ransom. My comment is from the major Corp IT perspective