Hi.
I was just wondering what processes people use to manage requests for user password resets.
We get emails (non work email accounts) or calls from people saying they are such & such and have forgot their password, can we reset it.
It would be good if we had some way of proving their identity before resetting the password.
Any advice?