Good password practices state that it is a good idea to change your password regularly. Unfortunately, very few users follow these practices, and the most common reason for changing your password is forgetting it.
However, it is a good idea to design this page so that it is easy to understand.
It is important that the user does not experience difficulties on the way to changing their password, as this leads to nerves and frustrations that can be associated with your brand.
Steps
Step 1: Place the link near the password field
If you have ever had to change your password, you have probably noticed that the button directing users to the password change page is always near the field where the user enters their password. This is because it makes it easier for the user to access the function they need.
Even if you choose to have a separate page for changing the password somewhere in the menu or in another place you think is appropriate (for example, in the user’s profile), consider it mandatory to place a link to reset the password near the field for entering it.
Design the link in an obvious way. The user should easily find the link and know, even without reading the so-called anchor text, that this is a link and can click it.
Step 2: Request data
In general, an email address is used to reset the password. This is because most registrations are done with email. In case you are building/maintaining another type of application that is subject to regulations and/or you need more information during registration, you will obviously need to request this data.
Usually, upon entering this data, the user receives a link to reset the password to the email address specified in the account.
NB! If the user has already entered their email in an attempt to log in to their account, but has not succeeded due to forgetting their password, you could help them by automatically transferring the entered address from one form (for login), to the one for resetting the password.
Step 3: Show that the information has been sent
After the user has entered their data and pressed the reset password button, it is good practice to show them that the request has been accepted, and perhaps indicate what their next steps are.
In case the contact you require for registration (or the user’s preferred) is email, send an email in which you indicate a password reset link if this happens automatically. If it is not automatic, explain to the user what they should do or expect to achieve the desired result.
On the other hand, if a phone number is used – send an SMS in which you provide a code or link that should be opened. Again, if you have a more specific structure for the password reset, explain what comes next.
Step 4: The sent message
In this message, as mentioned above, you should send information about the next steps. Of course, you could also directly send a link to reset the password.
Step 5: Reset the password
Regardless of whether you sent a link or a verification code, the next step should be to clear the text field for the user to enter their new password.
Step 6: Password reset successfully
Once the password has been reset, indicate to the user that the operation was completed successfully and direct them to the login page.
