A password reset is the process of replacing a forgotten or compromised password with a new one, restoring a user’s access to a system or service.
While this process is fundamental to any access management system, it must be implemented correctly so that an attacker is not verified as the genuine user and granted unauthorized access. It is therefore crucial to verify that a password reset is being initiated by or for the right user. This may be done by sending verification codes to registered devices, phone numbers, or email addresses.
A safe password reset process is therefore a crucial component in a state-of-the-art IAM or access management system.