So I am curious as to how other sysadmins out there handles password resets?
Consider this scenario: a user calls you stating that they forgot their password or are locked out. They want you reset the password quickly so that they can get to work.
So, how do you go about verifying their identity that the person calling is indeed the user who's password you are resetting?
Obviously, there has to be a fine line between security and ease of use since you have a user who cannot work without logging in. Where do you draw that line? What safeguards do you put in place to get the person working quickly while at the same time making sure that you aren't resetting the CEO's password for SirPimpsAlot who works in the mail room?
[link] [21 comments]