PrepAway - Latest Free Exam Questions & Answers

Which of the following is the BEST recovery strategy?

A user has forgotten their account password. Which of the following is the BEST recovery strategy?

A. Upgrade the authentication system to use biometrics instead.

B. Temporarily disable password complexity requirements.

C. Set a temporary password that expires upon first use.

D. Retrieve the user password from the credentials database.

Explanation:
Since a user’s password isn’t stored on most operating systems (only a hash value is kept), most operating systems allow the administrator to change the value for a user who has forgotten theirs. This new value allows the user to log in and then immediately change it to another value that they can (ideally) remember. Also, setting the temporary password to expire upon first use does not give a hacker the opportunity or time to use it.
Incorrect Answers:
A: Using a biometric system is not going to recover a forgotten password.
B: Disabling password complexity requirements is not a recovery strategy; rather, it would compromise your password policy.
D: It is not sound practice to keep user passwords in a credentials database; most operating systems store user passwords hashed, and the administrator will be able to change the value for a user who has forgotten theirs.

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp. 140-141

