SY0-301 · Question #748
A user has forgotten their account password. Which of the following is the BEST recovery strategy?
The correct answer is C. Set a temporary password that expires upon first use.. Setting a temporary password that expires on first use is the most secure recovery strategy because it forces the user to immediately set a new credential while minimizing the window of exposure.
Question
A user has forgotten their account password. Which of the following is the BEST recovery strategy?
Options
- AUpgrade the authentication system to use biometrics instead.
- BTemporarily disable password complexity requirements.
- CSet a temporary password that expires upon first use.
- DRetrieve the user password from the credentials database.
How the community answered
(51 responses)- B2% (1)
- C94% (48)
- D4% (2)
Why each option
Setting a temporary password that expires on first use is the most secure recovery strategy because it forces the user to immediately set a new credential while minimizing the window of exposure.
Upgrading to biometrics does not resolve the immediate access problem and is a system-level change, not an account recovery strategy.
Temporarily disabling password complexity introduces a security gap and does not actually restore the user's access to their account.
A temporary password with forced expiration on first login ensures the help desk never knows the user's actual password, limits the exposure window to a single session, and requires the user to immediately establish their own credential - aligning with least-privilege and zero-knowledge principles for credential management.
Passwords should be stored as salted hashes, making retrieval impossible; if a system can retrieve a plaintext password, that indicates a critical security design flaw.
Concept tested: Secure password reset and temporary credential best practices
Source: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks
Topics
Community Discussion
No community discussion yet for this question.