We're looking to change our network password change policy to a more-or-less standard MS best practice. As a result, we, the IT department, will no longer know user passwords. The problem is that previous passwords were a means of user identifcation/ verification/ authentication. Thus, we need a new method. We had proposed using the last 4 digits of the user's SSN, but that was rejected. I do see that there are some software/application solutions out there. However, I'd like to see what other people/compainies are doing. Anyone have a recommendation? I tired to do a search, but the results were all over the place and not related.