Best practice to deal with password reset on social users

Hey there,

Our support team receives tickets from our users complaining about not receiving emails regularly.

I know that social users won’t receive password reset emails when following the forget password flow. However, the UI is confusing by saying the email is sent. There are a lot of posts in the community talking about the issue, but there is no perfect solution so far.

I’m wondering if this is a design choice by Auth0. What’s the recommended solution to deal with this case?

Thank you!

Hi @di1,

By design, the password reset process does not identify whether the email used is associated with an account because this would expose this information and make the account vulnerable to an attack.
We would suggest customizing the Reset Email Prompt(s) to explain that an email will only be sent if an account exists, and perhaps try a social connection.

For New Universal Login you can customize the text within the Dashboard by going to Branding > Universal Login > Advanced Options > Custom Text. The Prompt you will want to look at is Reset-Password, Screen Reset-Password-Email.
I hope this information helps, thanks!
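
An added example, not part of the original thread and not Auth0's code: a minimal reset-request handler that returns the same response for password users, social users and unknown addresses, with wording that points social users to their provider. The user store, connection names, template name and message text are constructed for illustration.

```javascript
// Constructed user store (hypothetical data): one password user, one social user.
const USERS = new Map([
  ["dana@example.com", { connection: "database" }],
  ["sam@example.com", { connection: "google" }], // social login, no local password
]);

// One reply for every outcome, so the response never reveals whether the
// address is registered or which kind of account it belongs to.
const GENERIC_REPLY = {
  status: 200,
  body:
    "If a password-based account exists for this address, a reset link has been sent. " +
    "If you signed up with a social provider, use that provider's button on the login page.",
};

// `outbox` stands in for a mail queue. Queuing instead of sending inline keeps
// the response time similar on every path.
function requestPasswordReset(email, outbox) {
  const key = String(email).trim().toLowerCase();
  const user = USERS.get(key);

  // Only password (database) users get a reset email. Social and unknown
  // addresses fall through silently.
  if (user && user.connection === "database") {
    outbox.push({ to: key, template: "reset-password" });
  }

  // Identical status and body regardless of the branch taken above.
  return { ...GENERIC_REPLY };
}
```
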