10 golden rules of password reset emails

We’ve all misplaced our house keys and know that sudden feeling of panic as we retrace our steps. Forgetting a password can evoke the same feeling. Thankfully, the solution is simple—people can quickly request a “spare key” in the form of an account password reset email—no need to stress or pay a locksmith!

Restoring an account, however, requires a balancing act between password security measures and usability. Just like you wouldn’t place a spare key under the doormat, a password reset email shouldn’t make it easy for an unauthorized person to take over an account. 

And at the same time, a password reset email is a positive customer interaction that you want to get the most out of. These 10 best practices will help you create a password reset email that safeguards the account while delivering a great customer experience.

What is a password reset email?

A password reset email is a transactional email that is triggered when customers click on a “Forgot password?” link. The email contains a link to the service’s reset password web page where the recipient can reset their details.

Here’s the login screen and password reset request for Airtable, a low-code platform for building collaborative apps.

When the user clicks “Forget password,” they enter their email address and Airtable sends the below email. Clicking on the link brings up a password reset page where the customer is prompted to enter a new password, completing the account recovery process.

Email is the best way to reset a user’s password because it’s frictionless—customers find it quick and easy to type in a unique email address that they remember. It’s also secure because only the owner of the email account should have access to the inbox.

Elements of a password reset email

Password resets happen every second of every day. Most customers know what to expect in a change password email and are familiar with the password recovery drill. This isn’t the time to think out of the box or do something overly creative!

The ideal password reset email should contain the following elements:

1. A “From” name and a password reset subject line

2. A business logo and on-brand email design

3. An explanation of why the password email was sent

4. A link or button to reset the password

5. An expiration time for the password link

6. How to contact support for further questions

This Book Depository email is an excellent example:

10 best practices for password reset emails

1. Land in the inbox immediately

Customers ask for a password reset because they need access at that moment. This means the faster the email arrives, the better! The password reset email example below from Notion lands in the inbox almost instantly so people can get on with their work.

To land in the inbox, your email deliverability needs to be top-notch. Use a trusted email service provider that is tuned for peak performance, sending from a domain that enjoys a good reputation along with complete DKIM and SPF records for email authentication. You know, like MailerSend. 😉

2. Keep it super simple (KISS)

People expect to be on their way with a minimum of fuss. So keep your password reset email short and to the point. See this minimalist version from CamelCamelCamel (yes that’s the name of the company) describing what happened and what they need to do next.

3. Clearly label your email

Your reset password email should have clear and identifiable headers to reassure customers that it is not a phishing email. Use a meaningful subject line and ditch the no-reply address for a real email that recipients can reply to!

Grain, an online delivery service, ticks all the right boxes here. There is no question that this email was sent from them. Their subject line is clear, their logo is displayed prominently in the inbox, and there’s a real email address to reply to! 👏

You can easily add customized headers, footers, your branding and logo to your emails in MailerSend with the Drag & drop template builder. Simply build a template from scratch with the help of pre-made content blocks or choose a professionally-designed, ready-made template and tailor it to fit your brand.

4. Use one main CTA

The best password reset emails show a single CTA button or link. There shouldn’t be any other CTAs that may confuse customers or distract them from their goal. Add a copyable reset URL, like Etsy, just in case people are unable to click through to the browser.

5. Always send a follow-up email

Is the person resetting their password really who they are? To keep hackers in the dark, neither confirm nor deny the existence of an account on the reset password page. Look at this example from 15Five.

What if an account doesn’t exist? Or if customers used a different email? Don’t leave customers facing a wall of silence. Like REI.com, seize this opportunity by sending them an email to explain what is happening and hopefully convert them into happy customers!

6. Show your brand personality

Password reset emails serve an important functional purpose, but that doesn’t mean they have to be boring! Remember, these transactional emails enjoy a 100% open rate because people have to open them. Take this opportunity to showcase your brand voice and remind people why they like you.

Society6 uses its password reset email to maximum effect. Not only is their design nice, they include an empathetic message about remembering your password and fit in their brand tagline as well. All while still providing the necessary information to reset your password.

7. Keep marketing to a minimum

While marketing and transactional emails should always be distinct from one another, you can sometimes include value-driven content to your customers. Evernote, a note-taking app, cleverly drops a reminder that they sync across many devices.

8. Send both HTML and text emails

Sending both an HTML and plain text email ensures the broadest possible reach for your customers. Plus, you’ll improve your delivery rate because spam filters tend to see HTML-only emails as a red flag. The example below shows the HTML and plain text versions of a password reset email from Airbnb. 

HTML version

Plain text version

In MailerSend, it’s easy to create HTML and plain text emails. In addition to the Drag & drop editor, you can code your own HTML templates with the HTML builder or use the Rich-text email builder to create more basic, plain-text style emails with additional formatting capabilities.

9. Include a way to help

Your password reset email should reassure customers that they can opt to do nothing if they didn’t request the password change. Quandoo, a restaurant reservation platform, also suggests that end users can contact customer support if they have questions.

10. Test your email regularly

It’s easy to forget about password reset emails once they’ve been designed and implemented. Remember to regularly test their functionality and deliverability. Plus, it is a good idea to update them along with changes in your brand identity and support team information.

Step-by-step: Creating a password reset email

Now it’s time to apply these best practices and create your first password reset email template using MailerSend! You first need to have a MailerSend account, a verified sending domain, and a terminal app like Postman or Insomnia.

Ok, all sorted? Let’s create the forgotten password email by going to templates first.

1. Navigate to the Templates page and click on Create template.

2. Choose to use the Drag & drop editor to create your template.

3. Find the Reset password template in the gallery and click on the Choose button.

4. You can drag and drop blocks to customize the email template to match your brand identity. Go on, have fun with it!

5. Once you’re done with your template design, click on the Save and publish button.

6. You’ll be prompted to give your new template a name. 

On the same screen, you will also see a unique Template ID for your template as well as sending instructions for cURL, PHP, Laravel, Java, Ruby, Node.js, Go and Python.

7. Remember to click the Save changes button before you leave.

8. To send an email you’ll need the Template ID which you can also find on the Templates page under the template’s name.

9. Follow the sending instructions for your programming language. For example, for cURL, insert your Template ID at template_id. Add a subject under the template’s default settings or add it as a parameter within your API call.

curl -X POST \
https://api.mailersend.com/v1/email \
-H 'Content-Type: application/json' \
-H 'X-Requested-With: XMLHttpRequest' \
-H 'Authorization: Bearer {place your token here without brackets}' \
-d '{
"from": {
"email": "your@email.com"
},
"to": [
{
"email": "your@email.com"
}
],
“subject”: ”Reset your password”,
"template_id": "vywj2lpddml7oqzd"
}'

10. Check the status of your email message on the Activity page of your dashboard. All good?

Congratulations, you just sent your first password reset email using MailerSend! 🎉

Why password reset emails are important

All online accounts need a password to authenticate their owners. Despite the routine and highly transactional nature of password reset emails, they also play an important role in the customer experience. 

When your reset email restores account access, it’s a feel-good moment that builds trust as a reliable partner. On the other side of the coin, people will grow frustrated if the reset process is clunky. Customers that can’t access their account won’t stick around for long!

Keeping the account secure

Your customers need to be reassured that you are handling their personal data with care and that you will only give access to the rightful account owner. Any data breach will bring unwanted publicity to your business that you may not recover from.

For example, ASOS, a popular online clothing and accessories retailer, dedicates their entire password reset email to secure password best practices and keeping your user account safe! 💪

Creating a positive customer experience

A password reset is one of the most common customer touchpoints. While your email marketing campaigns help kickstart the customer journey, transactional emails like password resets are critical in keeping the relationship going.

Check out how Decathlon, the largest sporting goods retailer in the world, sends a simple but warm password reset email. They remind people to go back to what they were doing before they requested help—to continue shopping!

Password reset best practices checklist

Save this checklist to refer back to when you create your password reset emails, so you always create the best experience for your users!

1. Make sure your email deliverability is performing well: You want to land in inboxes as quickly as possible!

2. Remember to KISS, Keep It Super Simple: Minimal is best here so that users can quickly find their password reset link without any added fuss. 

3. Make your email easily identifiable with clear headers, subject lines and sending email address: Passwords are sensitive so give users extra reassurance that you’re the real deal. 

4. Use one main CTA: Recipients should be able to instantly identify where they need to click. 

5. Follow-up password reset requests: Inform recipients if their email address isn’t associated with an account.

6. Show your brand personality: Password reset emails don’t have to be boring. Add a sprinkle of fun to make recipients connect more with your brand. 

7. Keep marketing to a minimum: Keep your email as simple as possible and only add additional messaging where relevant. 

8. Send both HTML and text emails: Password resets are important and time-sensitive. Make it easier for more recipients to be able to access them by sending both. 

9. Include support information: Let recipients know where they can get in touch if they need help or have any questions.

10. Update and test regularly: Deliverability and functionality are key when it comes to password reset emails. Test them regularly and remember to update them when necessary.

Give your password reset emails a makeover today

It’s easy to overlook password reset emails and write them off as boring, functional emails. Give them a closer look, however, and you’ll be rewarded with opportunities to share your personality, build relationships and drive conversions.

How are you making your password reset emails stand out and work for you? Share in the comments below!