Guidelines for resetting passwords

A password can be reset when a user forgets a password or requests a password change. The password policy defines the behavior in case of password resets.

You can reset passwords by configuring:

Secret questions and answers—Questions can be configured in the password policy for user authentication and on success, password can be reset or changed. Repeated wrong answers lock users out. Secret questions act akin to passwords for handling user authentication.
Using protocols such as e-mail, SMS or any other protocol. You can configure any protocol as applicable.

An e-mail can be sent to users when:

A password is changed or reset.
An answer to a secret question is given or changed.