As a database does not store a user’s password and even the administrator cannot see it, a mechanism of password change is implemented in the system using temporary credentials.
A user who has forgotten their password can click on the "Forgot your password" link on an authorization form. They are then prompted to enter their username (login) and/or e-mail address used for registration. After that, a temporary control string for the password change is sent to their email address.
If a login name or e-mail can be found, a new control string is generated and sent to the email address. The message template can be customized using the menu command System settings -> Message templates, the Account information template type.
The link contained in this message allows the user to log in the site using the temporary string to change password and enter a new one.
If the temporary control string and the new password are both correct, the user password is changed in the database.
Site administrator or a member of a user group that is assigned the write permission in the kernel module settings can change the user’s password only in the s profile settings.
Attention! The Bitrix company cannot restore the forgotten user password.
