I am a network administrator/IT help desk for my company, and in order to enforce stronger data security, we are starting to enforce policies about the user passwords, such as having to change them every 3 months, creating strong passwords, etc.
My issue is, I need to know everyone's passwords at all times, because there are times that my supervisor needs certain info from the user's machine, or I need to perform updates/maintenance, and the user may not be there. I don't want to reset passwords for them for these purposes.
I would be happy to keep the passwords in my encrypted database; however, I am not sure how I should request the users' passwords when they are changed. Is asking them to send it via email secure enough? (We have Exchange.) I feel like if we want to make our system secure, then inputting the passwords into my database should be done securely as well.
I understand that as an administrator, I should not have the users' passwords, only the ability to reset them; however, that is not my option. That's the reason why I feel like I am doing something extremely odd.