There are couple of options available -
(a) The easiset way would be to use McAfee Drive Encryption 7.1 which has a built-in capability for self-recovery using smartphone, dedicated app and QR codes. It works really well. Take a look at https://community.mcafee.com/docs/DOC-5517 for additional details.
(b) If you can't use DE 7.1, you can leverage the ePO Scripting API for this (ePO 4.6 and above). It will be more complicated and will require some development, but you can build a web service which will use the ePO Scripting API to reset a user token, once the user is authenticated. Again, not straightforward but can be done.
Personally, I'd recommend option A.
Good luck !