When a user is marked for Password needs reset, they must provide a new password at the next authentication attempt. This property controls whether the password reset is mandatory before making API calls. If this property is not set to the recommended value of true, user accounts marked as Password needs reset can still perform operations by querying the table API through basic authentication. This security vulnerability could enable information leakage if an inactive account is compromised.

More information