Think about all the times you’ve wracked your brain trying to remember your password, was it 24 or 42? Was there a ? or a #?, and eventually giving up to click the “Forgot password?” link. As someone who can never seem to keep my password straight, I rely on those emails. Password reset emails may not be the most exciting, but they’re necessary to me (and many others) in enabling us to log into our accounts!
Password resets live in the transactional email category. They’re specifically requested by the recipient, and contain important, time-sensitive information. But, what does a good reset password email look like? What information should it contain?
We’ll walk through best practice tips for the content of a password reset email, highlight a few examples along way, and wrap it up with deliverability tips to ensure your password emails land in your recipients’ inboxes.
Password reset best practices & examples
Password reset link
What should a password reset email include? You’d think the obvious answer would be a password, but including a physical password in the email is risky even if it’s a temporary one.
If you scroll through all of the examples below, none of the emails include a password. Instead of a password, they include a link so you can reset your own password. This is a much safer practice because it’s much less likely to compromise a user’s account.
In Twilio SendGrid’s email below, you’ll see there’s a call-to-action (CTA) button to reset your password, as well as a note to contact support if you did not request your password to be reset. While many companies tell you to ignore the password reset email if it’s sent in error, SendGrid takes the safety of your account a step further by asking you to reach out to the support team.
Sender name & logo
When you reset your password, you want to make sure that the email you’re receiving is secure. If you receive an email with a no reply address and an unfamiliar sender name, recipients are more likely to believe the email is spam.
Clearly identify your company in your sender name and address. Additionally, include your logo at the top of your email. This assures the recipient that the email is in fact from your company.
This email from ClassPass has ClassPass as the sender name, email@example.com as the address, features the ClassPass logo at the top of the email, and even includes the logo in the Gmail profile picture. I have no doubt that this email is from ClassPass, and feel confident that I can open the email and click the link without issue.
Short and sweet
The best password reset emails quickly get to the point. After all, there’s a very specific purpose for the email, so no need to dawdle or beat around the bush.
Letgo’s email starts off with a straightforward subject line, “Reset your letgo password.” When you open the email, the CTA to set a new password is placed front and center with a big, bold button. With just a glance, you know where to click to reset your password.
This email example may be simple, but it is still representative of the letgo brand with the colorful CTA, logo, and website menu at the top of the email.
Your email doesn’t need to be in a complex, 3-column template, but it should look polished. Avoid using plain text emails, especially for transactional use cases, because plain text is sometimes associated with spam email. And, test your email across devices to give your recipients the best experience across desktop and mobile.
Need a sample template to help with your email design? Download our free, responsive password reset email template and customize it for your brand.
Especially for companies that contain sensitive information, it’s recommended to include a timestamp on your password reset email link.
In Nike’s email, the company specifically informs you that the link will last 48 hours. I also like that the email lists all of the different requirements for the password. In this case, seeing the requirements helped me remember which password I used, so I didn’t have to reset it after all.
Transactional email deliverability recommendations
So you’ve entered your email to reset your password, what do you do immediately after entering your email? Check your inbox.
But what if the email with your link doesn’t arrive… I picture frustration and an upset call to the customer service department. It’s so important that your password reset email makes it to the inbox and does not end up in the spam folder, deferred, or blocked.
There are a few things you can do to help your emails land where they’re supposed to.
- Send over a dedicated IP address. Dedicated IP addresses allow you to control and develop a strong sending reputation. Without a dedicated IP, you’re at the whim of other senders and their potentially poor sending practices.
- Consider separating your mail streams so that your marketing/promotional email is separated from your transactional email. Closely monitor the mail stream that sends login credentials to ensure you are experiencing high delivery rates.
- Refrain from adding marketing material to your transaction emails. Marketing material in transactional emails can easily confuse Internet Service Providers (ISPs), leading them to believe that you are sending marketing emails. This makes it much more likely that your transactional email will be sent to the spam folder.
These are just a few reasons why your password reset email may not be landing in the inbox. For a more comprehensive look at your email deliverability, explore our 2019 Email Deliverability Guide or partner with our experts to get to the bottom of your email deliverability issues.
Ready to reset?
To wrap it all up, let’s review the details that make a great password reset email.
- Make sure your brand is recognizable in the inbox
- Keep your emails short
- Include a link (not a physical password)
- Set a time limit for extra security
- Land in the inbox (not the spam folder)
Want to learn more about transactional email? Great! We have you covered. Check out a variety of transactional use cases with Twilio SendGrid.