Disclaimer: I'm not saying password logins are not necessary or anything like that, so don't jump on me!
If you can get by with using Windows LoginID (because users don't share a pc or a Windows session) then consider storing their Windows LoginID in the user table. If not found when they start up they don't get in. Thus no calls to you because someone forgot their password. Plus, any decent password function should include expiry. So if you want to build all that and deal with user calls (or you have no option) then far be it from me to discourage anyone.
As for the Windows LoginID, you can have the code write it to the table the first time they log in. However, I suspect there already exists some sort of restriction that you've already imposed so that authorized users can't just create a new account.
Last edited by Micron; 08-13-2019 at 11:57 AM.
Reason: clarification
The more we hear silence, the more we begin to think about our value in this universe.
Paraphrase of Professor Brian Cox.