what are the differents between these two options during the ePO recovery procedure?
I have tried both variants and I always have to enter a new password.
Version is 7.0.1.
the latter changes the users token to a password. The former tries to reset the token to the default pin/password.
If you're using just a password, not a token like a smart card, the latter clears all the password history etc as well which can be useful.
That is exactly what I expect.
However during a recovery phase in both cases the user needs to redefine a new password.
I think reset to default password should not ask for a password and use the password which is configured in the policy.