Resetting a User Password

No one (including Administrators) has access to user passwords: nobody can read a user’s password nor can anyone set or reset a user’s password. So what do you do if a user contacts you because he or she has forgotten their password and can’t log on to the site? One thing you can do is click Send Password to send the user a link to a page where they can create a new password.
 

To help a user reset their password, click the appropriate user account on the Manage Profiles page, then click Send Password. Doing that sends the user an email; if the user clicks the link in the email, he or she will be taken to a page where they can reset their password.

Note. Although administrators cannot change a user’s password, they can use the entity.update API to force a user to reset their password. This is done by setting the user’s password to NULL (no password), and then sending them a reset password link. Users must then create a new password before they can log on. (However, and by default, users are allowed to simply reuse their old password.)