Understanding Password Reset Requests

Learn more about how to recognize suspicious password reset requests.

In this section, you will learn about password reset requests. This is primarily geared toward people in the IT industry. As an IT professional, chances are you will get requests through all sorts of channels: people will call, email, and may even show up in person to ask for a password reset.

So, how do you handle password reset requests?

First and foremost, stop. Before you even try to reset a password for a user, verify the user’s identity and status. Ask yourself a few simple questions. What is the user’s current work status: are they still working, or were they let go for whatever reason? Can you identify who the user is? And did the user forget their password, or was it compromised?

  1. What is the user’s current work status? Was the user account disabled, or was the password changed, intentionally? If you’re not in a position to know, take the time to find out. In corporations, people get let go or come under investigation for whatever reason, and their accounts might be changed or disabled while that happens. The last thing you want to do is re-enable an account or its password and give access back to a user whose account was disabled intentionally. So verify that information before you go ahead and reset a password.
  2. Can you identify who the user is? Is there a policy in place for identifying the users whose passwords you change? Are they there in person? Is it over email? Is it over the phone? Can you verify their ID, their email address, or the phone number they’re calling from? Checking this is important because impersonations do happen, especially over email or phone. So verify the identity of the user before you reset the password. Otherwise, your network could easily become compromised.
  3. Did the user forget their password or was it compromised? If the user account was compromised, have the user sign out of all services. In Gmail, for example, you can go in and log out of everything. Find out when they discovered the account password was changed, and verify the network logins for the time during which the person had lost control of their account. All these things are important because if the user lost control of their account and password, your network may be compromised. Go through and verify that nothing was compromised and that the network and the user’s account are still safe.

Asking yourself these critical questions will help you to carry out your actions safely and ultimately protect the end-user, too.
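
One way to carry out the login review from question 3 and gate the reset on all three questions, as an added example that is not part of the original course material. The record layout, function names, decision labels and sample sign-ins are hypothetical and constructed for illustration.

```python
from datetime import datetime

# Constructed sample sign-in records: (user, ISO timestamp, source IP). Not real data.
SAMPLE_LOGINS = [
    ("jdoe", "2022-11-01T08:02:00", "10.0.4.17"),
    ("jdoe", "2022-11-02T08:05:00", "10.0.4.17"),
    ("jdoe", "2022-11-03T02:41:00", "203.0.113.50"),
    ("jdoe", "2022-11-03T09:10:00", "10.0.4.17"),
    ("asmith", "2022-11-03T03:00:00", "198.51.100.9"),
    ("jdoe", "2022-11-04T10:00:00", "10.0.4.17"),
]

def review_window(logins, user, lost_control, discovered):
    """List the user's sign-ins between losing control and discovering it.

    A source is 'unfamiliar' if the user never signed in from it before
    the window opened (an assumed heuristic, not a rule from the course).
    """
    start = datetime.fromisoformat(lost_control)
    end = datetime.fromisoformat(discovered)
    if end < start:
        raise ValueError("discovery time is earlier than loss of control")
    events = sorted((datetime.fromisoformat(ts), ip)
                    for u, ts, ip in logins if u == user)
    known = {ip for ts, ip in events if ts < start}
    return [{"time": ts.isoformat(), "source": ip, "unfamiliar": ip not in known}
            for ts, ip in events if start <= ts <= end]

def reset_decision(account_enabled, identity_verified, findings):
    """Apply the three questions in order; reset only when none raises a concern."""
    if not account_enabled:
        # Question 1: the account may have been disabled on purpose.
        return "hold_confirm_account_status"
    if not identity_verified:
        # Question 2: the requester has not been identified.
        return "hold_verify_identity"
    if any(f["unfamiliar"] for f in findings):
        # Question 3: sign-ins from unfamiliar sources need review first.
        return "hold_investigate_logins"
    return "reset"

if __name__ == "__main__":
    found = review_window(SAMPLE_LOGINS, "jdoe",
                          "2022-11-02T18:00:00", "2022-11-03T12:00:00")
    for f in found:
        print(f)
    print(reset_decision(True, True, found))
```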

Reflect and share: Have you experienced this? Did you receive a request, or did you send a request? If you sent a request, was your identity verified? Share your experience with your fellow learners below.

This article is from the free online course Cyber Security Foundations: Why Cyber Security is Important, created by FutureLearn.
