The "Reset your password" email sent to a user when requested currently includes the following call-to-action as the last sentence:
"If you did not request a new password, please let us know immediately by replying to this email."
There are currently no set procedures that can be followed to investigate a spurious password reset request. We should remove this sentence outright, or change it to advise users they can safely ignore it if they did not request it, as it currently causes helpdesk tickets to be raised with no meaningful action that can be taken.
The "Reset your password" email sent to a user when requested currently includes the following call-to-action as the last sentence:
"If you did not request a new password, please let us know immediately by replying to this email."
There are currently no set procedures that can be followed to investigate a spurious password reset request. We should remove this sentence outright, or change it to advise users they can safely ignore it if they did not request it, as it currently causes helpdesk tickets to be raised with no meaningful action that can be taken.
Raised in https://support.ehelp.edu.au/a/tickets/187188 although no user notification is required in this case.