We have a system that uses password authentication to access a database; the usernames and encrypted passwords are stored in the database. When a user forgets their password (or the administrator leaves for greener pastures), we want to be able to generate a new password for the current administrator or generate a new administrator.
We deal with our clients via telephone support. So we want to use this scenario:
User rings up - forgotten password.
Client software generates a challenge code based on their site license.
User tells phone support staff the challenge code.
Phone support staff give a response code.
User enters challenge and response code, and goes in the backdoor (either a new user is created or the password of the current user is reset).
We want the challenge/response to only work once; we don't want to leave the backdoor open.
How should we go about it?
Generate the challenge code based on both the site license and the database-stored password. With the new password, the next challenge code will necessarily be different. No backdoor.
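The scheme from the answer, as an added example that is not part of the original thread: the challenge is bound to the current stored password hash, so once the reset succeeds the old challenge and response stop verifying. The support key, the 8-byte challenge length, the account dictionary and all sample values are constructed assumptions; note that keeping a shared HMAC key in the client is the weak point of this sketch (a signature from the vendor, verified with an embedded public key, removes it).

```python
import hashlib
import hmac
import os

# Assumption: the vendor-side key used by phone support (constructed value).
SUPPORT_KEY = b"constructed-vendor-support-key"


def hash_password(password: str, salt: bytes) -> bytes:
    """Store a salted PBKDF2 hash, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_challenge(site_license: str, stored_hash: bytes) -> str:
    """Challenge read out by the user. It mixes the site licence with the
    CURRENT stored hash, so it changes as soon as the password is reset."""
    digest = hashlib.sha256(site_license.encode() + b"|" + stored_hash).digest()
    return digest[:8].hex()  # short enough to read over the phone


def support_response(challenge: str) -> str:
    """Response computed on the vendor side from the challenge alone."""
    mac = hmac.new(SUPPORT_KEY, challenge.encode(), "sha256").hexdigest()
    return mac[:16]


def reset_password(account: dict, site_license: str, challenge: str,
                   response: str, new_password: str) -> bool:
    """Client-side check; returns True only if the reset was applied."""
    # 1. The challenge must match the account's current state. A challenge
    #    issued before an earlier reset no longer matches and is rejected.
    expected = make_challenge(site_license, account["hash"])
    if not hmac.compare_digest(expected, challenge):
        return False
    # 2. The response must be the vendor's response for this exact challenge.
    if not hmac.compare_digest(support_response(challenge), response):
        return False
    # 3. Apply the reset. The stored hash changes, which invalidates the
    #    challenge/response pair that was just used: no standing backdoor.
    account["salt"] = os.urandom(16)
    account["hash"] = hash_password(new_password, account["salt"])
    return True


if __name__ == "__main__":
    salt = os.urandom(16)
    acct = {"salt": salt, "hash": hash_password("old-pw", salt)}  # constructed
    ch = make_challenge("LIC-0001", acct["hash"])
    print("first reset:", reset_password(acct, "LIC-0001", ch, support_response(ch), "new-pw"))
    print("replay:", reset_password(acct, "LIC-0001", ch, support_response(ch), "again"))
```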