Verify that the "Forgot Password" link/button is prominently displayed on the login page.
Check that the user is directed to the correct page or modal when clicking the "Forgot Password" link.
Test with valid and invalid email addresses.
Verify that the system handles invalid or poorly formatted email addresses properly.
Confirm that a password reset email is sent to the user's email address.
Check that the email contains a unique and secure token or link for password reset.
Test the validity of the token or link provided in the email.
Ensure that expired or invalid tokens/links are appropriately handled.
Verify that clicking on the valid token/link takes the user to a secure password reset form.
Test the form for proper input validation (e.g., password length, complexity).
Confirm that the new password is successfully updated in the system.
Ensure the user receives confirmation of the password change.
Common Issues in Forgot Password Functionality
Password reset link does not expire or is not invalidated after a certain period of time.
Exposure of sensitive information in logs or URLs.
Easily guessable