Set OTP lifetime for password reset to 1 hour [Updated in Security Center 2.0]

  • Release version: Yokohama
  • Updated July 2, 2025
  • 1 minute to read

    • Control the time duration of the link in the password reset email.

    The glide.pwd_reset.onetime.token.validity system property makes the link in the password reset email expire after the number of hours specified in the property. The validity time of a password reset token should be kept as short as possible while not disrupting normal user experience

    Set the property value to 1 (in hours).

    More information

    Attribute Description
    Configuration name glide.pwd_reset.onetime.token.validity
    Configuration type System Properties (/sys_properties_list.do)
    Data type integer
    Recommended value 1
    Default value 1
    Fallback value 1
    Category Authentication
    Security risk
    • Severity score: 4.6
    • CVSS score: Medium
    • Security risk details: A longer validity time for password reset token gives malicious actors a wider window to perform account takeover if the email with the reset token is leaked or compromised.
    Dependencies and prerequisites None