Occasionally you may receive a support request from a Person who has forgotten their password, or needs to change it.
There are two ways this can be accomplished.
- A user can request a Password Reset email themselves by using the "I forgot my password" link on the Login page. They will receive a Password reset email containing the link to reset their password.
- As a wicket admin, you can visit the Security screen of their Person record, and click the "Send reset email" button. They will receive a Password reset email containing the link to reset their password.
If you send multiple Password Reset emails, only the latest will be valid. Each time an email is sent, a new, unique link is created which invalidates any sent previously. Using an invalid link may display a "Reset password token is invalid" error message to the user.
Password reset links expire in 24 hours. If the user’s link has expired, they will receive a “Reset password token has expired, please request a new one” message.
There is no function within wicket admin to manually enter a new password for a user. Password changes must be completed via the Password Reset process for security.
Article is closed for comments.