• YodaDaCoda
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    2 months ago

    I imagine this process is more about ensuring the employee is the one entering the new password, rather than the malicious actor - which would easily be possible if a simple password reset email was sent out.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 months ago

      I guess that’s possible, but then that user would be locked out of their account and they’d quickly figure out whose account was compromised when the employee can’t access things anymore.