About resetting passwords
Passwords can be reset following password expiry, login failure due to invalid login attempts or in the case of a forgotten password. The password can be reset only if the password policy of a user allows it.
Resetting a password requires user authentication, which is done using secret questions and answers. You can configure the questions as required.
An event RESET_PASSWORD.ON_SUCCESS is triggered whenever a random password is generated or a password is changed.
You can configure the system to send an e-mail once the password is changed. Any other protocol such as SMS can also be configured.