OWASP · elarlang · Dec 16, 2024 · Dec 15, 2024 · Dec 15, 2024 · Dec 16, 2024
diff --git a/5.0/en/0x11-V2-Authentication.md b/5.0/en/0x11-V2-Authentication.md
@@ -98,7 +98,7 @@ Note: Passwords are not to have a maximum lifetime or be subject to password rot
 | **2.3.1** | [MODIFIED] Verify that system generated initial passwords or activation codes are securely randomly generated, follow the existing password policy, and expire after a short period of time or after they are initially used. These initial secrets must not be permitted to become the long term password. | ✓ | ✓ | ✓ | 330 |
 | **2.3.2** | [DELETED, MERGED TO 2.2.4] | | | | |
 | **2.3.3** | [MODIFIED] Verify that renewal instructions for authentication mechanisms which expire are sent with enough time to be carried out before the old authentication mechanism expires, configuring automated reminders if necessary. | | ✓ | ✓ | 287 |
-| **2.3.4** | [ADDED] System administrators should not be able to change or choose any user's password, but rather only be able to initiate the password reset process for the user. | ✓ | ✓ | ✓ | 620 |
+| **2.3.4** | [ADDED] Verify that administrative users can initiate the password reset process for the user, but that this does not allow them to change or choose the user's password. This prevents a situation where they know the user's password. | ✓ | ✓ | ✓ | 620 |
 
 ## V2.4 Credential Storage