Introducing Nametag Autopilot: The First Secure Solution for Self-Service Account Recovery

Nametag Team
Nametag console showing a successful verification result

Enable Self-Service Account Recovery

Nametag sends MFA and password resets to self-service while protecting your helpdesk against social engineering.

Is your IT helpdesk overwhelmed by password and MFA resets? Finally, there’s a solution. We’re thrilled to unveil Nametag Autopilot, the world’s first secure solution for self-service account recovery. It’s already revolutionizing IT helpdesk operations at innovators like HubSpot, and now we’re incredibly excited to bring it to the world. 

“I'm excited about our new partnership with Nametag for its account recovery solution as it promises to elevate our customer experience to new heights. We're already thrilled by the positive feedback pouring in from customers and the dedicated teams at HubSpot's customer success and support departments.” – Mona Salvi, Sr. Director, Product Security, Fraud & Risk at HubSpot

Account recoveries typically represent half of service tickets, according to Gartner and Nametag’s own customers. Nametag Autopilot enables users to securely reset their own passwords and MFA tokens without having to involve helpdesk resources at all—saving you as much as 30% of your helpdesk costs by eliminating these tickets through self-service. 

Read our press release, watch the demo, and read on to learn why we built Nametag Autopilot and how it works. Then get in touch when you’re ready to deploy Nametag with your team.

MFA is Secure. Resets Are Not.

Security-conscious companies have made great progress implementing multi-factor authentication (MFA) on their employees’ accounts. It’s a great step in protecting against account takeovers, and a great step to cover the security problems of passwords. But organizations quickly discover that MFA shares a critical problem with passwords: recovery.

What happens when MFA fails? Often, users are forced to contact IT for help. This creates a huge burden on the helpdesk, adding up to millions of dollars in costs for the organization.

What’s more, account recoveries represent a major point of vulnerability. Hackers frequently exploit the account recovery process to take over employee accounts, then use their new access to steal data and deploy ransomware. 

Current Account Recovery Solutions Are Frustrating & Insecure

The current standard for account recovery security around password and MFA resets to use one of the following methods of verifying the user’s identity: 

  • One-time passcode sent to their phone or email 
  • Push notification to their authenticator app
  • Answer a series of security questions
  • Contact IT to reset it manually

Existing self-service password reset (SSPR) options, including dedicated SSPR products, use some combination of these factors for authentication. But all of these factors are extremely time-consuming and frustrating for users:

  • People frequently lose or upgrade their phones
  • Text messages sometimes just never arrive
  • People can’t access their email
  • Their phone is upgrading its operating system, or is out of battery

Even worse, none of these factors are truly secure against today’s threat vectors:

  • One-time passcodes can be intercepted via trojan, SIM swap, or email takeover
  • Authenticator apps can be exploited using push fatigue attacks
  • Answers to security questions are available publicly, or through prior breaches
  • IT agents can be socially engineered or fooled by AI deepfakes; helpdesks are already under daily assault from organized hacker groups like Scattered Spider

It’s no wonder that account takeovers are on the rise, and a major source of data breaches and ransomware attacks. And, in fact, these vulnerabilities are why there’s been no self-service MFA reset solution: to avoid compromising on security, IT organizations have had to force users through lengthy manual reset processes.

Now, thanks to Nametag Autopilot, you can send password and MFA resets to self-service while simultaneously shutting down a leading attack vector. 

Self-Service Account Recovery with Nametag Autopilot

Nametag saw these problems and built the solution. With Nametag Autopilot, we offer the only secure solution for self-service account recovery (SSAR).

Autopilot sets up in seconds through pre-built integrations to leading Identity & Access Management (IAM) providers like Microsoft Entra ID, Okta, and Duo. Users can quickly verify their identity and then reset their own passwords and MFA using any mobile device, avoiding the hassle of contacting the helpdesk and saving your organization millions in helpdesk costs.

The user flow is intuitive, using only what people already have in their pocket:

  1. Scan QR code
    Navigate to your company’s custom Nametag account recovery microsite, enter your work email, then scan the QR code to launch Nametag—no app download required.
  1. Verify your identity
    Follow the prompts to scan the front and back of your government-issued ID, and take a selfie. Nametag uses AI, facial biometrics, and advanced mobile cryptography to verify the authenticity of your ID and selfie, and compare the two with unprecedented fidelity.
  1. Recover access
    Return to your microsite. You will now have the option to reset your MFA or passwords all on your own, all without having to involve the helpdesk.

Uniquely Secure Against Leading Attack Vectors

Behind the scenes, Nametag’s unique identity verification technology leverages a patented combination of presentation attack detection (PAD), injection attack detection (IAD), and image inspection analysis using machine learning (ML), mobile cryptography, facial biometrics, and proprietary AI models. In simple terms, we leverage the advanced security of Apple and Google themselves to prevent injection attacks, thereby stopping bad actors from using AI deepfakes.

“Together, we are tackling critical challenges in safeguarding against deepfakes and account takeovers, protecting customer trust, and strengthening HubSpot brand and reputation.” – Mona Salvi, Sr. Director, Product Security, Fraud & Risk at HubSpot

Read our blog to learn more about how Nametag prevents digital injection attacks and the use of AI-generated deepfakes.

Put Account Recoveries on Autopilot

Every password or MFA resets costs $84 (with traditional verification) to $162 or more (with visual verification). Meanwhile, account recovery represents gaping hole in your security that hackers are actively exploiting.

Don’t wait to put password and MFA resets on secure autopilot. Watch the demo below, then get in touch to start saving helpdesk costs and stopping helpdesk hacks.

Secure your helpdesk against social engineering and impersonators.
Accept All Cookies