Okta is a cloud-based identity and access management (IAM) provider. Companies of all sizes use Okta to manage their employees’ access to applications and devices. Okta also provides consumer identity and access management (CIAM). Read on to learn how to reset an Okta password or Okta MFA with default options, then how to reset them with Nametag.
MGM Okta Login Hack: A Wakeup Call for Security and IT
In August 2023, a Scattered Spider threat actor called MGM Resorts' internal IT helpdesk. Using basic personal details taken from a victim's LinkedIn profile, the attacker successfully impersonated a real MGM employee. The unsuspecting helpdesk agent, believing they were helping a desperate employee who had been locked out of their MGM Okta account, reset that employee's Okta login credentials. And just like that, the threat actors were in. The resulting ransomware attack cost MGM over $100 million.
This simple helpdesk social engineering attack reveals just how exposed Okta accounts are: threat actors can bypass security controls entirely by exploiting the password/MFA reset process. Even current "state-of-the-art" account protections like phishing-resistant MFA offer no defense when an attacker can simply have them reset. Okta customers need to protect the account recovery process, or else risk being hacked.
Read more: How MGM Got Hacked in 10 Minutes
Okta Password Reset with Default Options
Okta allows users to reset their own passwords using verification via email or SMS plus a security question. However, these are out-of-date verification methods, and Okta does not offer self-service MFA resets. This leaves critical weaknesses that can lead to breaches, while forcing users to open helpdesk tickets for MFA resets.
To reset your Okta password, go to your organization’s Okta login page (typically companyname.okta.com) and then follow the flow to reset your password.
- Click on Need help signing in? and then on Forgot Password.
- Enter your work email address, then click Reset Via Email or Reset via SMS (if enabled). You’ll receive an email (or text message) with instructions and a link.
- Answer the security question when prompted.
- Create a new password.
The Problem with Okta Self-Service Password Reset
Although this flow is very convenient for users, relying on outdated verification factors creates major security risks. In August 2023, Okta warned its customers that hackers were targeting IT helpdesks in order to compromise privileged user accounts. A month later, MGM Resorts was hit by ransomware. The attackers, Scattered Spider, said that they socially engineered helpdesk agents in order to breach MGM’s Okta implementation. Then, in December, Okta itself was breached in an attack that leaked data on all of its customers. On May 30, 2024, Okta once again warned its customers about credential stuffing attacks.
Reset Okta MFA with Default Options
Okta does not offer self-service MFA resets. To reset a user’s multi-factor authentication, a company Okta administrator must do so manually from the admin console. First, they’ll need to verify that the person requesting the reset is not an imposter. Okta’s own Chief Security Officer, David Bradbury, recommends doing this via visual verification. But video verification calls are incredibly time-consuming, costing $162 or more per call. They can also now be duped by AI-generated deepfakes (see the story of February’s $25 million AI deepfake hack).
In the wake of numerous Scattered Spider and deepfake attacks, Okta customers have been surrounding their Okta implementations with Nametag to provide better security during password and MFA resets. With Nametag, employees can securely reset their own Okta passwords and Okta MFA devices without involving the helpdesk.
Self-Service Okta MFA and Password Resets
Okta is immensely popular, but recent high-profile breaches of Okta customers and Okta themselves have shone a harsh spotlight on a critical vulnerability within Okta and other identity providers (IdPs): password resets and multi-factor authentication (MFA) resets.
To help organizations address this threat, Nametag has built the industry’s first secure self-service MFA reset solution, Nametag Autopilot. Through Autopilot, employees can securely reset their own Okta passwords and Okta MFA devices without having to involve the IT helpdesk.
Nametag perfectly complements Okta by enabling employees to securely reset their Okta MFA and passwords entirely on their own. Here’s how to reset an Okta password or Okta MFA with Nametag.
- Navigate to your company’s Nametag account recovery microsite. Enter your work email address, and then scan the QR code with your smartphone. This will launch the Nametag experience on your device.
- Follow the instructions to verify your identity with Nametag. Scan the front and back of your government-issued ID. You can use a driver’s license, passport, or any of over 11,000 other forms of government-issued photo ID.
- Take a selfie.
- Wait for Nametag to verify your identity and then authorize sharing of your information.
- Return to your microsite. You will now have the option to reset your Okta MFA or password.
- Click “Reset multi-factor authentication” or “Reset your password” for Okta, then follow the instructions to reset your password or MFA.
The Benefits of Using Nametag with Okta
By surrounding Okta with Nametag, companies see huge benefits across security, cost savings, user experience, and operational efficiency.
- 2x better experience: Users love Nametag, because it’s much faster and easier than calling support for help, and they're able to get back into their accounts much more quickly.
- 50% fewer IT tickets: Helpdesk and support agents breathe a sigh of relief as they see ticket volumes drop thanks to self-service, liberating them to focus on delivering better service.
- Higher security: Cybersecurity and risk teams sleep better, knowing they’ve remediated a potential vulnerability that can lead to account takeovers, data breaches, and ransomware.
- 30% cost savings: Executive and finance teams see helpdesk and support costs drop by deflecting IT tickets to self-service, freeing up valuable resources.
Watch a demo of self-service Okta account recovery with Nametag Autopilot, then get in touch to start automating your Okta password and MFA resets.