So the problem is due to managing laziness ?
A user-managed password token generator for users who forget their passwords exists to avoid admins being hassled. Who exactly thought this was a good idea ?
I get it. Support hotline and marketroids are getting remarks on how bothering it is to deal with forgetful users. Pressure mounts and some manglement bod starts getting annoyed with the problem. He convenes a meeting with the techs and berates them for creating this issue, then requires solutions. Techs balk at figuring out a way to circumvent security, but a marketroid present in the meeting spurts out a suggestion about a "temporary token". Manglement bod approves, techs implement despite themselves, and now here we are.
Because clearly we need to relieve admins of the bother of securing their network. They don't need to worry about who is accessing it either. How's about we just subcontract that to the NSA ?