Problem statement
We have configured the breached password protection to send emails to users. How long is the change password link valid? This doesn’t look configurable in the email template for the breached password.
Solution
The password reset links in breach password emails have the default timeout of 5 days. A new password reset link for a user invalidates the previously issued password reset links even if the five days haven’t been completed.