Password Recovery/Recovery Question Process Flow
I am creating an application where the user will be able to recover their password from a "forgot password?" link. Once the user clicks on the link they are presented with their recovery questions which they would have filled out during the account registration process. If they were to fill out the questions correctly they receive an e-mail with a new temporary password which they would update upon logging in.
My issue is on the recovery question screen. If the user cannot remember their recovery questions is there a best practice on a way to allow the user to reset their questions without getting their password first?
We are thinking it may have to become a customer support issue where the user would have to call in for a recovery question reset, but I find that inefficient and inconvenient for both the user and the support team. Is there a process that anyone is aware of that could solve this issue and allow the user to reset their recovery questions which in turn would allow them to reset their password.