The standard password reset email text tells the user that if it wasn’t them that requested to change their password, just ignore the message…

It’s probably just me, but this seems a little bit casual, as it seems to be saying “Yeah, someone’s trying to gain access to your account, but just ignore it”. Surely if someone’s trying to change your email, that’s quite a concerning scenario. Is there another step I can add that will make someone feel like they’re safe, or do I really not need to concern myself about this?

For instance, right now I’m sitting in my office at home typing this. If my neighbour calls me and says “Hey, someone’s trying to defeat the lock on your front door”, I wouldn’t carry on sitting here ignoring it until they get in. I’d want to make sure that the police are on their way and that my dogs are waiting on this side of the door for them should they succeed. Should I therefore implement other steps in the password reset procedure in my app or is it really OK? And if I should put in extra steps, what should they be? I’m possibly just being paranoid about security.

Hi there, @joefarrowsmith… others may disagree, but I wouldn’t worry about it because it’s just the way it is that someone could accidentally (or not accidentally, of course) submit a password reset request for an email address that isn’t theirs.

The only thing I would likely do (and have done in the past) is change the messaging in the email to something more along the lines of, “A request has been submitted to reset your password. If you did not submit this request, it was likely submitted for your email address in error, and you do not need to be concerned about the security of your account because your password cannot be reset without access to your email account.”
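To make that last point concrete (the reset cannot complete without the token that was emailed), here is an added example in Python; it is not code from this thread or from any particular app, and the in-memory user store, token store and 15-minute lifetime are assumptions.

```python
import hashlib
import secrets
import time

# Constructed in-memory stores standing in for the app's database (assumption).
USERS = {"alice@example.com": {"password_hash": "old-hash"}}
RESET_TOKENS = {}          # sha256(token) -> (email, expires_at)
TOKEN_TTL_SECONDS = 15 * 60

def request_reset(email, now=None):
    """Handle a reset request for any address someone types in.

    The reply is identical whether or not the address is registered, so the
    form cannot be used to find out which emails have accounts. The raw
    token goes only into the email; the server stores just its hash."""
    now = time.time() if now is None else now
    token = None
    if email in USERS:
        token = secrets.token_urlsafe(32)
        token_hash = hashlib.sha256(token.encode()).hexdigest()
        RESET_TOKENS[token_hash] = (email, now + TOKEN_TTL_SECONDS)
    # 'token' is returned only so the example can simulate the recipient
    # reading their inbox; a real app would put it in the email link instead.
    return "If that address is registered, a reset link has been sent.", token

def consume_reset(token, new_password_hash, now=None):
    """Complete the reset. Succeeds only with a live, unused token, i.e. only
    for someone who could read the email. The token is removed on first use,
    so a stray request for someone else's address changes nothing."""
    now = time.time() if now is None else now
    token_hash = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(token_hash, None)   # single use, valid or not
    if entry is None:
        return False
    email, expires_at = entry
    if now > expires_at:
        return False
    USERS[email]["password_hash"] = new_password_hash
    return True
```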

