ASVS Requirement 6.4.6

• Level: 3
• Chapter: V6 Authentication
• Section: V6.4 Authentication Factor Lifecycle and Recovery
• Source: 0x15-V6-Authentication.md

Description

Verify that administrative users can initiate the password reset process for the user, but that this does not allow them to change or choose the user's password. This prevents a situation where they know the user's password.