Force Users to Reset Their Passwords

This article walks through the steps to force users to reset their passwords.

 

Scenario

You need to ensure that users are prompted to reset their password the next time they log in.

This can be achieved by utilizing page rules and record rules. Alternatively, if you are on a specific plan, you can also fulfill this requirement using the built-in Knack security setting.

Requirements

Users will need to be enabled in your app.

If this is your first time creating an app, you'll need to know some basics about adding tables, fields, pages, and views. You can start by reading our Builder Basics section.

Other good resources can be found in our About Your Database and Working With Pages sections of the knowledge base.

Steps

Create a Field to Track Who Needs to Reset Their Password

To get started, create a Yes/No field in order to keep track of users who need to reset their passwords. This field should be added to the main table at the top of the User Roles section in the Builder. You can name the field something like "Reset Password?" or "First Login?".


The Accounts table might have a different name in your app. However, as long as you add the field to the top table in the User Roles section, you will be able to follow the steps outlined in this article.

To ensure that all new users are prompted to reset their passwords, simply set the default value of the field you created to "Yes".

Create a Page for Resetting Their Password

Now that we have determined the method for keeping track of users who need to reset their passwords, we need to create a dedicated page where users can easily reset their passwords.

This can be either a newly created page or an existing page.

Creating a New Page

To create a new page for resetting passwords, locate the green "+" button next to User Pages in the Pages section of the Builder and click on it.

In the page creation wizard, you'll want to use the following settings:

  • Give permission to all users.
  • Name the page.


At this step, you can add a Form view to the page created above. For the Data Source, we will use the "Accounts" table or the equivalent table that you have directly under the User Roles section of your app. 


You have the flexibility to let users reset their passwords in two different ways using the Password field:

  1. Prompt the user to enter their current password before setting up their new password.
  2. Require the user to enter only a new password.

To configure either option, simply edit the Password field by clicking on the pen icon in the form preview. Then, select the desired checkboxes from the Password Actions section.


Using an Existing Page

Many users have the default Account Settings page in the User Pages section, which is already set up for users to reset their passwords.

If you prefer to use a different existing page, please ensure that it contains a Form view similar to the one created in the "Creating a New Page" section above.

Create a Page Rule to Redirect Users

To ensure that users are prompted to reset their passwords the next time they log in, you can utilize a Page Rule on the page(s) where users can log in. This will provide a way to prompt users and guide them through the password reset process.

As an example, in our Members Directory sample app, there are two pages that require a login: Members and Admin. Therefore, we will proceed to add a page rule to both pages.

To redirect users who need to reset their passwords to the dedicated password reset page, you can add a page rule to the desired page. To do this, navigate to the page in the page tree and click on the Rules tab at the top.

The page rule will have the following settings:

  •  When: Accounts > Reset Password? is "Yes" (You'll select the field you created in the first step.)
  •  Action: Redirect to an existing page.
  •  Page: Reset Password (You'll select the page you created in the second step.)


Record Rule to Update Users

Lastly, we will need to indicate which users have already reset their password so that they are not redirected to reset their passwords again during their next login. This can be accomplished by implementing a Record Rule on the password reset form.

To implement a record rule, navigate to the password reset page you created and click on the password reset form to open the editor.

Select the Rules section in the view editor and then click on the Record Rules tab.

The record rule will have the following settings:

  •  Action: Update this record
  •  When: Every form submission
  •  Values: Reset Password? to a custom value "No"
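
The field default, page rule and record rule above, written as a small Python model. This is an added illustration, not Knack code: the class names, function names and page inventory are constructed assumptions. It walks one account through the redirect and the record rule, and lists login-protected pages that still lack the redirect rule.

```python
from dataclasses import dataclass
from typing import Optional

RESET_PAGE = "Reset Password"  # page name used in this article's example

@dataclass
class Account:
    email: str
    reset_password: str = "Yes"  # field default "Yes": new users are prompted

@dataclass
class Page:
    name: str
    login_required: bool
    redirect_when_flagged: Optional[str] = None  # page rule target, if any

# Constructed inventory: Admin is deliberately left without the page rule.
PAGES = {
    "Members": Page("Members", True, RESET_PAGE),
    "Admin": Page("Admin", True, None),
    RESET_PAGE: Page(RESET_PAGE, True, None),
}

def open_page(page: Page, account: Account) -> str:
    """Page rule: flagged accounts are redirected; return the page shown."""
    if page.redirect_when_flagged and account.reset_password == "Yes":
        return page.redirect_when_flagged
    return page.name

def submit_reset_form(account: Account) -> None:
    """Record rule: every form submission sets Reset Password? to "No"."""
    account.reset_password = "No"

def pages_missing_rule(pages: dict) -> list:
    """Login-protected pages a flagged user can open without being redirected."""
    return sorted(
        p.name for p in pages.values()
        if p.login_required and p.name != RESET_PAGE
        and p.redirect_when_flagged != RESET_PAGE
    )

if __name__ == "__main__":
    user = Account("new.user@example.com")  # constructed sample account
    print(open_page(PAGES["Members"], user))  # redirected to the reset page
    print(open_page(PAGES["Admin"], user))    # not redirected: rule missing
    print(pages_missing_rule(PAGES))
    submit_reset_form(user)
    print(open_page(PAGES["Members"], user))  # flag cleared, normal page
```
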


Optional Feature

Create a Page Rule to Show Message on Reset Password Page 

You may also want to add a second page rule and action to this workflow so that your users know what to do when they arrive at the Reset Password page.

  •  When: Accounts > Reset Password? is "Yes"
  •  Action: Show a Message
  •  Message: "You must set a new password." (example message)