Passwords can definitely be a frustrating part of our lives. Remembering which passwords you used for your dozens of different accounts is nearly impossible without the help of password managers. 

Should you suddenly start receiving constant emails telling you that you have to reset your password for whatever reason (or sometimes with no reason listed) on top of everything else, you may be at the end of your patience.

Several reasons exist for receiving these email messages, and they can range from legitimate to scam to somewhere in between. 

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER

What is a password reset email message?

When you are entering your username and password at a website to access your account, you may see a small “Forgot Password” text link. If you can’t remember your password, and you click this link, the account holding company will send you an email that allows you to reset your password. This type of email reset message, like the one below, would be a legitimate one.

However, some password reset emails you receive are fake, usually attempting to trick you into revealing your username and password to a hacker.

Example of legitimate password reset email (Kurt “CyberGuy” Knutsson)

MORE: THIS IS HOW YOUR EMAIL GETS INTO WRONG HANDS

Why do I receive fake password reset emails?

When you receive email messages asking you to reset a password when you did not make the request, the message could be a fake. Some of the reasons you may receive fake emails like this include:

Beware the bait: A hacker is attempting a phishing attack, hoping you’ll click on a fake link in the message.

Privacy alert: You potentially shared your email address at an unsafe website, and hackers are trying to steal your account password by tricking you into revealing it.

Security warning: Your account has some sort of security issue that is triggering these messages.

Update required: You may need to update your software or app to the latest version.

Illustration of a hacker on a laptop (Kurt “CyberGuy” Knutsson)

MORE: HOW TO KEEP YOUR ONLINE PASSWORDS SAFE

What should I do if the password reset emails are legitimate?

The password reset email message you are receiving could be a legitimate request. It may indicate that your account is under attack from a hacker. You can protect yourself in a few ways.

Go to the website directly and access your account. Then change your password to make it stronger.

Set up two-factor authentication (2FA) on your account. Should someone figure out how to hack your account password, having the second verification requirement significantly protects you.

Reach out to the website that holds your account for help with taking the necessary steps to protect yourself.

You may receive the message because you need to change your password every few months to match the requirements of the company holding the account.

Never click on a link in the email message as it could be a fake. If you click on it, you may actually give the hacker the information to take over your account rather than protect your account. The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams.

Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.

Steps you can take to eliminate password reset emails

You can take a few steps to try to reduce the number of emails you receive requesting a password reset.

1. Double-check your username and password. When accessing your account, you may have a typo in your login information. Should you repeatedly attempt to access your account with this error, the company that holds the account may believe a hacking attempt is occurring, triggering an automatic reset. If your web browser automatically populates your username and password for you, make sure this information is free of typos.

RURAL TEXAS TOWNS REPORT CYBERATTACKS THAT CAUSED WATER SYSTEM TO OVERFLOW

2. Remove unauthorized devices. Some accounts maintain a list of devices authorized to use your account. If a hacker manages to gain some of your personal information, it may be able to add one of its devices to your authorized list, triggering account login errors as it tries to hack your password. Check the list of authorized devices and remove any items you don’t recognize. 

The process varies, depending on the type of account. We’ll cover steps for Microsoft, Gmail, Yahoo and AOL.

Microsoft:

• From your Microsoft account home page, click on your personalized logo at the top right of the page.
• Then click My Microsoft Account
• Scroll down the page until you see your list of trusted devices.
• Click View All Devices
• On the next page, you can click Remove Device for any device you want to remove from your account.

Steps to remove unauthorized devices from PC (Kurt “CyberGuy” Knutsson)

Gmail:

• Sign in to your Google Account at myaccount.google.com.
• Click the Security tab on the left side of the page.
• Scroll down to the section labeled “Your Devices” and select Manage all devices.
• You’ll see a list of devices where your Google account is currently signed in.
• If you see a device you don’t recognize, click on it and select Sign out.

Yahoo:

• Go to the Yahoo Account security page at help.yahoo.com/kb/account.
• Click on Recent activity.
• Review the list of devices and locations that have accessed your account.
• If you notice any unfamiliar activity, click Remove or Sign out next to the suspicious device.

AOL:

• Sign in to your AOL account and go to the Recent Activity page.
• Review the sections for Recent activity, Apps connected to your account and Recent account changes.
• If you find any activity or devices that you don’t recognize, click Sign out or Remove next to it.

Remember to regularly check your account settings and authorized devices to ensure the security of your accounts. If you suspect any unauthorized access, it’s also a good idea to change your passwords and review your account recovery options.

3. Sort such messages to spam. If you’d prefer to simply not see these kinds of email messages, set up your email client to sort messages like this to a spam folder. (Because many of them are spam, some email clients do this automatically.) Should you ever legitimately request a password reset, though, you’ll need to remember to look in the spam folder for the message.

4. Use a static IP address. Some accounts attempt to recognize your device through your IP address. If you have a dynamic IP address, your IP address changes constantly, meaning the account may not recognize your device, triggering the reset message. This often occurs because you are using a VPN. See if your VPN allows you to use a static IP address.

Woman holding a tablet with VPN installed (Kurt “CyberGuy” Knutsson)

MORE: WHAT HAPPENS WHEN CYBERCRIMINAL GETS ACCESS TO YOUR EMAIL ADDRESS

Kurt’s key takeaways

Although it can be frustrating to receive password reset emails, you should investigate any request like this that comes from an account you use regularly. Reach out to the customer service team for the account where you are having the issue. You may find that a simple glitch is causing the issue. Fix that, and you can put a halt to these frustrating messages. Or if it is a fake password reset email, you now know how to handle the situation to stay safe and secure.

Can you share a time when you strengthened your online security measures in response to a threat? What prompted it and how did you do it? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Answers to the most asked CyberGuy questions:

Copyright 2024 CyberGuy.com. All rights reserved.