An insurance company requires an account recovery process so that information created by an employee can be accessed after that employee is no longer with the firm. Which of the following is the BEST approach to implement this process?
A. Employee is required to share their password with authorized staff prior to leaving the firm
B. Passwords are stored in a reversible form so that they can be recovered when needed
C. Authorized employees have the ability to reset passwords so that the data is accessible
D. All employee data is exported and imported by the employee prior to them leaving the firm
Explanation:
Since a user’s password isn’t stored on most operating systems (only a hash value is kept), most operating systems allow the administrator (or authorized person in this case) to change the value, after which the information/files/documents can be accessed. This is the safest way of recovery by an authorized person and is not dependent on those who leave the firm.
Incorrect Answers:
A: No user should be expected to share their password, regardless of the circumstances. Sharing passwords goes against normal security procedures.
B: Storing passwords in a reversible form is not best practice and thus is not risk avoidance.
D: This may not always be possible, as the circumstances can differ vastly when employees leave the firm.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp. 140-142