Breached password email resent link validity period

Problem statement

We have configured the breached password protection to send emails to users. How long is the change password link valid? This doesn’t look configurable in the email template for the breached password.

Solution

The password reset links in breach password emails have the default timeout of 5 days. A new password reset link for a user invalidates the previously issued password reset links even if the five days haven’t been completed.