Introduction

This guide explains how to reset your password on a Drupal 10 website that has Two-Factor Authentication (TFA) enabled. The process involves using a one-time login link and providing an additional authentication code from your TFA app.


Target Audience

This guide is for:

  • Drupal website users who need to reset their password.
  • Users who have Two-Factor Authentication enabled on their account.
  • Users who have access to their email and authenticator app.
  • Site administrators helping users with password reset process.


Before you begin, make sure you have:

  • Access to the email address associated with your account.
  • Your authenticator app (Google Authenticator, Authy, or similar).
  • A device with a web browser.

Step 1: Initiate Password Reset

  1. Go to your Drupal site's login page (/user/login)
  2. Click on the "Reset your password" link
  3. Enter your username or email address
  4. Click "Submit"

Step 2: Access One-Time Login Link

  1. Check your email for a message from your Drupal site
  2. Find the one-time login link in the email
  3. Click the link or copy and paste it into your browser
  4. Note: This link is valid only for 24 hours and can be used just once
  5. Note: The password reset link is lengthy, and when copy-pasting it, not all characters may be copied correctly. Make sure to copy the link using the mouse's right-click to select the 'Copy link' option.

Step 3: Two-Factor Authentication

  1. After clicking the link, you'll be prompted for your TFA code
  2. Open your authenticator app (like Google Authenticator or Authy)
  3. Enter the current 6-digit OTP code shown in your app
  4. Click "Verify"

Step 4: Set New Password

  1. Once TFA is verified, you'll be taken to the password reset form
  2. Enter your new password in the "Password" field
  3. Enter the same password in the "Confirm password" field
  4. Note: Ensure your password meets the site's complexity requirements
  5. Click "Save"

Step 5: Complete Login

  1. After saving the new password, you'll be automatically logged in
  2. You'll see a confirmation message that your password has been changed
  3. You can now use your new password for future logins

Important Notes

  • If the one-time login link expires, you'll need to request a new one
  • Keep your authenticator app accessible during this process
  • If you lose access to your authenticator app, contact your site administrator
  • Password requirements typically include:
    • Minimum length (usually 8 characters)
    • Combination of uppercase and lowercase letters
    • Numbers and special characters
    • Cannot be the same as your username