AU
APP015: Password Reset Challenge/Response
Does the application use an EATDS-approved mechanism for password resets?
Guidance: It is a sound security practice to use a challenge/response mechanism to verify the user's identity for password reset, especially for high-criticality applications. Other mechanisms for low-criticality applications can be recommended by authentication guidelines or can be subject to business approval to ensure the risk is acceptable.
Replies
QuickView supports Windows Integrated Authentication. Our recommendation is to use this option. Windows Authentication uses the Kerberos authentication protocol. With this option enabled, all password resets are handled within the Windows environment and not by QuickView.
References:
Security Policy: Windows Authentication | QuickView Docs
Windows Authentication Overview | Microsoft Docs