Introducing Nametag Autopilot: The First Secure Solution for Self-Service Account Recovery

Is your IT helpdesk overwhelmed by password and MFA resets? Finally, there’s a solution. ?? Today we’re thrilled to unveil Nametag Autopilot, the world’s first secure solution for self-service account recovery. ??

“I am excited about our new partnership with Nametag for its account recovery solution as it promises to elevate our customer experience to new heights. We are already thrilled by the positive feedback pouring in from customers and the dedicated teams at HubSpot's customer success and support departments.” –– Mona Salvi, Sr. Director, Product Security, Fraud & Risk at HubSpot

Eliminate 50% of Your IT Tickets, Save 30% of Helpdesk Costs, and Cover a Critical Security Gap

Account recoveries typically represent half of service tickets, according to Gartner and Nametag’s own customers. Nametag Autopilot enables users to securely reset their own passwords and MFA tokens without having to involve helpdesk resources at all—saving you as much as 30% of your helpdesk costs by eliminating these tickets entirely through secure self-service.?

Autopilot is already revolutionizing IT helpdesk operations at innovators like HubSpot, and we’re incredibly excited to bring it to the world.

Interested? Read our press release, watch our demo, and get in touch to learn how you can deploy Nametag Autopilot in just 5 minutes. Or read on to learn why we built Nametag Autopilot and how it works.

MFA is (Mostly) Secure. Resets Are Not.

Security-conscious companies have made great progress implementing multi-factor authentication (MFA) on their employees’ accounts. Indeed, MFA is a critical measure to protect against account takeovers, and a great step to cover the security problems of passwords. But organizations quickly discover that MFA shares a critical problem with passwords: recovery.

Think of it this way: What happens when MFA doesn't work? Often, users are forced to contact IT for help. This creates a huge burden on the helpdesk, adding up to millions of dollars in costs annually just to handle account recoveries.

What’s more, password and MFA resets represent a major point of vulnerability. Hackers frequently exploit the account recovery process to take over employee accounts, then use their new access to steal data and deploy ransomware.?

Current Account Recovery Solutions Are Frustrating & Insecure

The current standard for account recovery security around password and MFA resets to use one of the following methods of verifying the user’s identity:?

• One-time passcode sent to their phone or email?
• Push notification to their authenticator app
• Answer a series of security questions
• Contact IT to reset it manually

Existing self-service password reset (SSPR) options, including dedicated SSPR products, use some combination of these factors for authentication. But all of these factors are extremely time-consuming and can be highly frustrating:

• People frequently lose or upgrade their phones
• Text messages sometimes just never arrive
• People can’t access their email
• Their phone is upgrading its operating system, or is out of battery

Even worse, none of these factors are truly secure against today’s threat vectors:

• Passcodes can be intercepted via trojan, SIM swap, or email takeover
• Authenticator apps can be exploited using push fatigue attacks
• Hackers already have the answers to security questions
• IT agents can be socially engineered or fooled by AI deepfakes. Helpdesks are already under daily assault from organized groups like Scattered Spider

It’s no wonder that account takeovers are on the rise. In fact, these vulnerabilities are why no one's been able to offer self-service MFA resets: to not compromise on security, IT has had to force users through lengthy manual reset processes.

Now, thanks to Nametag Autopilot, you can send password and MFA resets to self-service, all while simultaneously shutting down a leading attack vector.?

Introducing Nametag Autopilot: Secure Self-Service Account Recovery

Nametag Autopilot is the industry's first and only secure solution for self-service account recovery (SSAR). It sets a completely new paradigm for IT operations, and stands out against traditional SSPR tools in numerous ways.

Autopilot sets up in seconds through pre-built integrations to leading Identity & Access Management (IAM) providers like Microsoft Entra ID, Okta, and Duo. Users can quickly verify their identity and then reset their own passwords and MFA using any mobile device, avoiding the hassle of contacting support and saving your organization millions in helpdesk costs.

The user flow is intuitive, using only what people already have in their pocket:

1. Scan QR code. Navigate to your company’s custom Nametag account recovery microsite, enter your work email, then scan the QR code to launch Nametag (no app download required)
2. Verify your identity. Follow the prompts to scan the front and back of your government-issued ID, and take a selfie. Nametag uses AI, facial biometrics, and advanced mobile cryptography to verify the authenticity of your ID and selfie, and compare the two with unprecedented fidelity.
3. Recover access. You now have the option to reset your MFA or passwords all on your own, without ever having to ask IT for help.

Uniquely Secure Against Leading Attack Vectors

Behind the scenes, Nametag’s unique identity verification technology leverages a patented combination of presentation attack detection (PAD), injection attack detection (IAD), and image inspection analysis using machine learning (ML), mobile cryptography, facial biometrics, and proprietary AI models. In simple terms, we leverage the advanced security of Apple and Google themselves to prevent injection attacks, which is the primary way bad actors leverage AI deepfakes.

“Together, we are tackling critical challenges in safeguarding against deepfakes and account takeovers, protecting customer trust, and strengthening HubSpot brand and reputation.” – Mona Salvi, Sr. Director, Product Security, Fraud & Risk at HubSpot

We actually wrote an entire article on digital injection attacks and the use of AI-generated deepfakes, including how Nametag stops them both. Check it out!

Put Employee Account Recoveries on Autopilot

Every single password and MFA reset costs IT $87 (with traditional verification mehtods) to $162 and more (with visual verification). Insecure account recoveries create a gaping hole in your security that hackers are already exploiting.

Don’t wait to put account recoveries on secure autopilot with Nametag. Watch our demo, then get in touch to start saving costs and stopping helpdesk hacks.