A user has forgotten their account password. Which of the following is the BEST recovery strategy?
Upgrade the authentication system to use biometrics instead.
Temporarily disable password complexity requirements.
Set a temporary password that expires upon first use.
Retrieve the user password from the credentials database.
Since a user’s password isn’t stored on most operating systems (only a hash value is kept), most operating
systems allow the administrator to change the value for a user who has forgotten theirs. This new value allows
the user to log in and then immediately change it to another value that they can (ideally) remember. Also,
setting a temporary password to expire upon first use will not allow a hacker the opportunity or time to use it.