Resetting Password

Providing users a Reset Password link works like an "emergency exit," supporting Nielsen's heuristic about user control and freedom. The heuristic advocates users' rights to make mistakes and states that a system should allow users to get out of trouble without much effort.^[3]

The Reset Password link gives users an opportunity to recover from an undesirable situation and makes them feel more relaxed and comfortable. 

Although the Reset Password link isn't the primary action on a page, it should still be visible. Place it below the password input where users expect to see it, show its clickability, and provide a straightforward label that eliminates any doubts about what happens when users click it.

Commonly, systems ask for an email to send users a link or a phone number to send a code to recover the password. This data is usually enough to identify a person and help them restore their login information securely.

The process should be quick and painless, so avoid asking unnecessary questions and making them fill more than 1-2 fields. Otherwise, users may feel insecure or simply abandon the product.

Once users provide their email or mobile phone, show them a page explaining what happens next. If you ask for an email, inform users to check their inboxes for an email with a password recovery link. If you ask for a mobile number, notify users that they will shortly receive a code or link on their phones.

Keeping users up to date makes them feel confident that everything will be okay and they will recover their account in a short time.

After you send users a password recovery link to their emails or phones, your job isn't done. The email or text should contain clear and straightforward instructions on what to do next.

Avoid including too much text — a prominent link to the reset page or a code that allows users to reset their password should be included.

Whether it's a verification code or a link to click, the next page should include a clear input to enter the new password. Don't forget to include password requirements and make sure users can see them the entire time while typing. If there are more than a couple of password requirements, consider adding bullet points to make the instructions scannable.

After users successfully reset their password, it's a good idea to congratulate them. Resetting a password can be a frustrating experience, so acknowledging their success can create a positive user experience. Once users have reset their password, redirect them to their intended destination — the login page.