Actually, our Security Analyst is the one that recommeded us putting a "backdoor" on the laptops...
As for the Help Desk using the recovery tokens... Have you ever tried giving an IRATE doctor a 28 character key to type in at 1 o'clock in the morning !!!!
All of our laptops are for Doctors and they will NOT tolerate having to type in a 28 character key...
My response is: Don't forget your password dumbass! ... But, unfortunately, we can't tell them that...
Therefore, the "backdoor" passphrase...
Any other idea as to how I can accomplish this feat ???