Coresender LogoMobile menu icon

Password Reset Done Right

There used to be a time when email marketing was non-existent, and transactional emails were limited to the bare minimum. Guess what was always there? “Forgot your password,” of course. To many of your customers passwords are tricky: they need upper cases, lower cases, numbers, special signs and what not. From a customer’s point of view it is very frustrating, just think about it:

  • If you make a password too short and simple (eg. password123) or too obvious (your date of birth), it is deemed unsafe - which can be, by the way, quite frustrating.

Wordpress keeps you on your toes

  • If you do come up with a good password and then use it in multiple places, again, it’s unsafe – for if just one of these places leaks their passwords, then you’re doomed.

  • And if you do everything by the book, make the password strong and unique, then… Well, there is quite a chance you will forget it, get confused as to which password goes where and eventually lock yourself out of your own account.


If it never happened to you as an Internet user, then congratulations, you are among the chosen ones. The rest of us absent-minded airheads need to swallow our pride and every once in a while restore our accounts by clicking the shameful “Forgot your password” button. Since forgetting things is unpleasant enough as it is, let’s make sure that the password change process is as pleasant, quick and simple as possible!


One of the most used emails

What we forget when handling the password reset process is that it’s a requested message - if there is one email people are usually happy to see, it’s this one. When a customer forgets their password, they want to be able to enter their accounts again ASAP, with as little hustle as possible. Due to its very special nature, email deliverability of such messages is very high, and so is the open rate. It’s the perfect opportunity to do it right and make a name for yourself, as for some customers this will be one of the very few emails from you that they actually decide to open. You can use this opportunity to make a good impression.

Vimeo - sending us love even for a password change

Why it's important

For the customer – because they are locked away from their account. For you – for the exact same reason. Apart from technical problems (which we hope you never have, fingers crossed), this is the main crisis situation your customer will be in, and as such, it should be treated with utmost care and attention. Even the simplest task can be handled incorrectly if you disregard it, and this is exactly what can happen here. This is the reason we decided to talk you through the process, nice and thorough.

How it’s done

We have decided to spend some extra time on a decent analysis and explanation of how to approach password change, so get comfortable and read ahead! Hope this article is helpful in making your life easier and emails better!

The process

Stage 1: Request password change

The first step takes place on your website, and although technically speaking it’s not part of good email practices, without it – there is no email. Make sure that the password change is easy and quick; after all, you don’t want your customers to be locked away from your business for long. Remember not to request the client’s username in the password change process, as it may be the username that causes them trouble. And, obviously, don’t keep the password change only on your website, as it increases the danger of security breach: sending an email is a much safer way, and also potentially beneficial for you in terms of good customer relationship. Make them know they should expect your email to ensure good communication.

WordPress - “Lost your password?” placed low and hard to find

Stage 2: Email contact

Once your customer requested their password to be changed, it’s all got to go quickly. This is something we at Coresender are very aware of, and so should you be. The email you designed should reach your client in seconds, otherwise there is a danger that, unable to log in to their account, they may lose interest in what they were doing and drop the task, to return again who-knows-when. On our side, we make it FAST, as you can probably already tell; the rest depends on whether you are ready and the email is composed correctly. As usual, you want it to reach their Inbox, and if for any reason it’s caught up in some other folder, your client should know to go look for it – that is why they need to know it’s coming (as stated in the previous step).


Stage 3: Follow-up – Password change confirmation

Once your customer received the email, followed the directions and changed their password, it’s good to have one more message confirming that such a process took place. This ensures that in case of a breach of security on the customer’s side, the chance of detection is higher. It also closes the process in a professional way, as any confirmation does.


Email content: a straightforward message

When composing an email you need to remember two things: the purpose of the message for its recipient and what your goal here might be. When it comes to password reset, it is crucial to keep your eyes on the ball - you need a clear structure, a straightforward message and a simple graphic form. Just consider these few tips:

  • Do not create a separate email, use an address that you already have, such as support@… or any other. Even though it is a strictly transactional message, it would be best not to use a no-answer email, as it may give off the wrong impression (we discussed it more in The Importance of a Welcome Email).

  • Make the subject obvious, such as “[company name] Password Reset” - you want your customer to find the email straight away, and also such passwords are very good for email deliverability.

  • Include the logo/trademark you use for your business and be consistent in the design - remember that brand awareness is built every step of the way, so spend this extra moment to design a visually pleasant email which looks as good as the rest of your customer communication.

  • Explain why you are contacting the customer and, just in case, let them know that they can ignore the email if they were not the ones who sent it, and that their account will be as safe as it ever was.

  • Include a reset password link – it can be a button or a traditional link directing the customer back to your website. Make it visible and easy to find.

  • Limit the password change in time – make sure that the link expires if not used and let your user know how much time they’ve got. Keep in mind that the time should be rather short, like 15 minutes or an hour - the sooner they go back to your website, the better for you.

  • Include contact information in case the client has any questions

Text – simple words, simple form

Give up any complex structures, unnecessary information or broad instructions. You want to keep it short and simple. Your customer is probably already slightly irritated by the fact that they forgot their password, so keep the small talk to the absolute minimum in this case. If your communication with your client is on the professional side, all you need is the above-mentioned information; if you allow a less formal approach, it’s ok to lighten up the mood with a few words of reassurance.

Slidebean - a super short and simple form, yet managing to keep it light and cheerful with “Let’s get you a new one”

“Change your password” is a strictly transactional email. Whether such emails are a good place to sell and advertise or not, it depends on your line of business, the style you have chosen and a number of factors. Due to the function of the email, you will have a link or button directing your customer back to the website; it does not mean that you can’t include another clickable item in the email, just make sure it doesn’t dominate the message.

Loom: One button, no additional links

Customer safety - no password in the email, ever (but do include username)

Passwords belong to fragile information and as such should never be included in the email. Sending a link is better both for customer safety and for you – because then the person will return to the website immediately. It’s good, however, to include username, especially if it’s used for the log-in process. Just as some people forget the password because they make a new one for each website they use, others come up with brilliant new usernames for each website… and then completely forget what they were. Your “Change password” option can also be used to retrieve a lost username, so why not put it in the opening of the email.

Email from with password given in the message


Something’s off? Do not confirm the existence of the account!

It can happen that the password change request is issued by someone who is not the account owner but is trying to get access to the account. Since you never know if that’s not the case, make sure you give away as little as possible. Even more importantly, if a person is trying to reset the password for an email that is not in your system, you know something is wrong. The best thing to do in such a situation is not to confirm or deny anything.


Password advice – where and when it’s needed

Depending on how light you want the experience to be and how important it’s that the customer’s account is super secure, you may decide to put some safety tips in this email. You are asking the customer to set a new password, so you can have a few tips on what a good password is. This can be put either in the content of your email or on your website but it’s good to include it somewhere, at least in its basic form. If you are worried about keeping it cool, then just make sure it’s written in a light form – and always make it simple.


Brand identity every step of the way

Graphic design / pictures version + html

Even in a message as simple as this one, you should take care of the visual identification. It will ensure that your customer trusts the email to be valid, and strengthen the company image. However, remember to keep it simple, get rid of any unnecessary pictures and items. In most cases a logo, preferably somewhere on the top, and the right colours are enough to mark your presence. In any case, make sure that apart from the html you also have a text version of the email, and make sure the second one also looks good and is easy to read.


Email tone

Make it professional, whatever that means to you and your company. More is less, that’s for sure. The absolute worst thing you could do is slap your customer on the wrist for forgetting their password (unless you have a very special, fun relationship with them). The experience is, by definition, a slightly unpleasant one or neutral at best, ao try to make your website users feel like it’s absolutely no hassle for you. A customer happy with your service and understanding approach is a returning customer - so the type we all like the most.

SurveyMonkey - website info - “help is on the way” is a very positive message

SurveyMonkey - email

Be reliable – test it, test it, test it

Don’t trust yourself, ever. Every step of the way – double check, triple check, do whatever it takes to avoid mistakes. This is one of the very basic email messages and even if your customer can forgive a mistake in a marketing email, which – as most people know – are prepared fast never to be sent again, your password email is something they may get numerous times, and as such allows absolutely zero room for mistakes.

Summary - your do's and don'ts

Create a password change path which includes an email Don’t limit password change to only the website
Keep the email simple Don’t include unnecessary, potentially confusing information
Include a visible link/button for password change Don’t ever give a new password in the email
Protect your customer’s privacy Don’t confirm the existence of the account
Check your email for potential problems Don’t send out untested emails
Use professional and pleasant language Don’t let the customer feel uneasy about the process
Make the email graphically and textually consistent with the company image Don’t treat this email with any less attention than other emails you send
Choose a service which will deliver your email in a flash (you know, like Coresender) Don’t make the customer wait for their website access

Case study



  • A friendly introduction “Success is just a few clicks away” creates a positive experience

  • A short password safety recommendation, which is simple and does not dominate the screen

  • A chat pop-up making sure the customer finds the email


  • Only text version with no visual identification - it would have been better to have the text version as a back-up plan, and for the email to be professionally designed

  • A direct link to reset the password is good, a tip to copy it ensures the success of the undertaking

  • Time-limited link ensures safety but 24 hours is too long


  • The email is short, professional and to the point

  • Visual identification is simple but consistent with the brand

  • Username included

  • One visible button + a link below in case of technical problems - a perfect combination

Home Depot

Home depot does not have a “reset password” email. Instead they have a verification email, which forces you to go back to their website and change the password there. It is an equally good practice, though less popular.



  • Very official and straightforward

  • Good design, which agrees with the brand

  • Information about app put discreetly in the upper right corner - a great use of an otherwise insignificant email

  • Time limited to 2 hours, which is good

  • There is contact information in case the customer needs help - which may be useful taking into consideration that the process is somewhat complex

Follow-up email

Back to articles listBack to articles list

Try Coresender today

Whether you need to send a few hundred emails or a few million, we’re ready to help you deliver your message. Are you ready to get started?

Try for free