Forgot Password

Forgot Password is the self-service recovery path that end users follow when they cannot remember their password.

Admin forgot password screenshot

Where it helps

Use Forgot Password to reduce support load while keeping password recovery auditable and time-bound.

Workflow

  1. The user selects Forgot Password on the sign-in screen.
  2. The user submits their email or username.
  3. TokenIDP issues a reset flow.
  4. The user proves possession of the recovery channel.
  5. The user sets a new password and signs in again.

Example

Document the exact user-facing recovery steps in your support playbook so first-line support does not hand out insecure workarounds.

Common Pitfalls

  • Revealing whether an account exists through the recovery UI.
  • Allowing overly long-lived recovery links.
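
Both pitfalls can be seen in a small sketch of workflow steps 2 to 5. This is an added example, not TokenIDP code: ResetService, GENERIC_REPLY, RESET_TTL_SECONDS, the 15-minute lifetime and the in-memory store are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

RESET_TTL_SECONDS = 15 * 60  # assumed lifetime for this sketch, not a TokenIDP default
GENERIC_REPLY = "If that account exists, recovery instructions have been sent."


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


class ResetService:
    """Hypothetical in-memory reset-token store (illustration only)."""

    def __init__(self, known_accounts, clock=time.time):
        self.known = {a.lower() for a in known_accounts}
        self.clock = clock
        self.pending = {}  # sha256(token) -> (account, expires_at); raw token never stored
        self.outbox = []   # (account, token) pairs; stands in for the recovery channel

    def request_reset(self, identifier):
        account = identifier.strip().lower()
        if account in self.known:
            # A new request supersedes any earlier link for the same account.
            self.pending = {d: v for d, v in self.pending.items() if v[0] != account}
            token = secrets.token_urlsafe(32)
            self.pending[_digest(token)] = (account, self.clock() + RESET_TTL_SECONDS)
            self.outbox.append((account, token))
        # Same reply whether or not the account exists. Send mail asynchronously in
        # a real service so response time does not reveal the branch taken.
        return GENERIC_REPLY

    def redeem(self, token):
        """Return the account name for a valid token, else None. Single use."""
        entry = self.pending.pop(_digest(token), None)
        if entry is None:
            return None
        account, expires_at = entry
        return account if self.clock() <= expires_at else None
```

Only the token's hash is kept server-side, so a leaked copy of the pending store does not yield usable recovery links.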

Troubleshooting

  • If recovery emails are not arriving, verify delivery infrastructure before assuming user error.