I imagine this process is more about ensuring the employee is the one entering the new password, rather than the malicious actor - which would easily be possible if a simple password reset email was sent out.
I guess that’s possible, but then that user would be locked out of their account and they’d quickly figure out whose account was compromised when the employee can’t access things anymore.
I imagine this process is more about ensuring the employee is the one entering the new password, rather than the malicious actor - which would easily be possible if a simple password reset email was sent out.
I guess that’s possible, but then that user would be locked out of their account and they’d quickly figure out whose account was compromised when the employee can’t access things anymore.