After successfully submitting the password reset process, the account’s email address is sent an email from the system. This email contains the link to enable the user to reset their password.
The possible outcomes from the confirm password reset are either:
- An invalid request is made (possible intrusion). The results in a generic error panel giving a friendly “Page could not be displayed” error.
- A valid confirmation request is made, but the time period for the confirmation (usually 72 hours) has lapsed. The results in a generic message panel describing the situation and inviting the user to re-submit a password reset.
- A valid confirmation request is made. And the password reset panel is displayed.