An insurance company requires an account recovery process so that information created by an employee can
be accessed after that employee is no longer with the firm. Which of the following is the BEST approach to
implement this process?
Employee is required to share their password with authorized staff prior to leaving the firm
Passwords are stored in a reversible form so that they can be recovered when needed
Authorized employees have the ability to reset passwords so that the data is accessible
All employee data is exported and imported by the employee prior to them leaving the firm
Since a user’s password isn’t stored on most operating systems (only a hash value is kept), most operating
systems allow the administrator (or authorized person in this case) to change the value then the information/
files/documents can be accessed. This is the safest way of recovery by an authorized person and is not
dependent on those who leave the firm.