How One Button Can Speed Up Your ‘Forgot Password’ Flow

No matter who you are, forgetting a password sometimes happens. That’s why most login forms offer a ‘Forgot Password’ link to reset the password. But the user flow of resetting a forgotten password isn’t as fast and helpful as it could be.

When users click the ‘Forgot Password’ link, they’re prompted to enter the email address they used to sign up. Then they’re told a link to reset their password was sent to their email account. And the flow ends there. Users are left to complete the rest of the task on their own.


The current user flow for resetting a forgotten password isn’t helpful enough. The user could get distracted during the task and forget about checking their email. They could also forget which email they typed in if they have accounts from many webmail providers.

Not only can they forget, but the user flow is slow. Users have to open up a new browser tab and type in their webmail provider’s URL to check their email. They shouldn’t have to do so much work to complete the last step in the process.


You can make this step faster for them by offering a ‘Check Email’ button at the end of the flow. The button should take them to their email account login page, so they don’t have to type it in. When they see the page, they can log in, check their email and reset their password right away. It’s faster than the current flow, and keeps users focused on completing the task.

The ‘Check Email’ button encourages users to complete the ‘Forgot Password’ task faster. Add it to your flow so that users can reset their password with ease. The faster they can recover their account, the faster they can log in and use your site.



elegant wordpress themes

This Post Has 31 Comments

  1. Pablo Reply

    Good idea, but what happens when the user has a corporate email account or uses Outlook to check his emails?

    • anthony Reply

      Every email address has a domain name ending even Outlook.

      • Pablo Reply

        I mean, Outlook as the client software to check their emails, not an account on outlook.com. Another example can be Thunderbird.

        • anthony Reply

          For users using third party mail apps, it won’t help much. But for users using web based email? Definitely.

          Even sending them to their email provider’s website is a proactive approach in reminding them to complete the last step.

  2. Linda van der Pal Reply

    I don’t quite understand how that would work. I see how you could redirect people who use a gmail account to gmail, but I don’t see how you could make this work for _all_ mail providers. Am I missing a point here somewhere?

    • Sharath Bulusu Reply

      We don’t have to make it work for all mail providers – just enough of them to make a material difference. Of course it depends on your product but if you are B2C business it’s highly likely that gmail, hotmail, yahoo and a handful of other domains cover a majority of your users. So for anyone on your whitelisted set of domains show the button, for the others you can figure out a clever solution later.

      Quite often we fail to give 80% of our users a benefit early because we are fixated on solving it for 99% or 100% of users.

      That being said if you want to cover the long tail of email domains then you can start by tackling everyone who is using a web-client for email. And you can figure out the URLs for the web-client by looking at the referers for traffic coming in from your other emails (transactional emails, newsletters etc).

      • Linda van der Pal Reply

        Wow, I guess I wasn’t alone with that question! Thanks for the answer!

  3. Frost Simula Reply

    I’m not sure how this could be implemented universally. Can you provide a code example?

  4. Rodrigo Reply

    I can’t see how would you implement this with every possible email. For exemple, lets supose my email adress is: rodrigo@xpto.com.br
    Where would you send me after clicking “CHECK EMAIL”?
    Supose I use to read my email in Outlook most of the times, but I can read my email via browser in the addres: webmail.xpto.com.br

    Thanks for the post. The ideia is good but I quite didn’t understand.

  5. Chuck Reynolds UX Reply

    I understand the concept here… and you could implement some script to work for the big email hosts (gmail, yahoo, outlook, etc) but I can’t imagine taking the time to implement a script for, arguably, a small percentage of people… of which is already a very small percentage of users overall whom forget their password… would be a valuable use of time.
    If there were an open source github repo for a script that does that.. it would help but… good idea just not worth the time in implementation except for rare cases in my opinion.

  6. Jeffery Reply

    Wondering if a mailto: link could be exploited to get the user to their account?

  7. Thomas Creeten Reply

    Hello world,

    I think it’s a great concept.
    If the user has an account from one of the big mail providers like gmail etc. the button shows up. Otherwise the button would’nt even show up, maybe.

    A “mailto:”-attempt could be a bigger pain. Some do use a desktop app to manage their emails, some do not.
    For me, I use gmail for my private stuff but also the Outlook app for work, so eventually my Outlook would open up which I maybe do not want.

  8. Alex F Reply

    Another anoying thing in this process, wether yo take the slow of the fase way, is that clicking on the confirmation link in the email open another tab, and you end up with 2 tabs opened on the same site/web app…

  9. Nigel Reply

    Another approach to this could be the use of a SMS message to a cell phone that provided a unique code to enter. The phone number would need to be already stored against the users account but this approach would remove the need of needing to know the mail client or opening an additional tab.

  10. Zach Reply

    I totally agree the current standard flow is not ideal, and LOVE the idea of a solution making the users life simpler. My problem is unless they explicitly have a GMail, Yahoo, Outlook.com, etc address it provides no value. Between those with corporate emails and those using installed applications to check email, I think it would only help a small subset of users. If it helped even 75% that would be great but I would guess it would be much much lower.

  11. Matt Reply

    How about if the email hasn’t arrived yet? These things aren’t always guaranteed however good your mail grid is.

    So the user ends up in their inbox that much faster, with that much less time for the email to transport, and end up more frustrated than they may otherwise have been.

  12. Ann Wuyts Reply

    I second most of the comments here. Whilst it might make things a tad easier for people using more popular web-based email services, it won’t work for all. (And, I use gmail to check all my mail address, and always have a mail tab open anyway.)

    Maat makes a valid point though. Often I spend quite a while force-checking for email, waiting, finding it ended up in spam, .. . Fixing – or improving – email delivery, might get you the biggest gain.

  13. David Millar Reply

    Even knowing that it’s not foolproof, I think this is an excellent idea. Obvious it’s not going to work for all cases, but I can see where sites and apps with a user base that uses webmail could get lift from this. For those that don’t, no harm done. Thanks for the suggestion!

  14. Mel Hogan Reply

    The biggest issue I see with this is introducing a step most users aren’t initially familiar with. It could potentially cause confusion. The theory is excellent, in practice, it would be interesting to see how it affects the UX. Sounds like a solid opportunity for an a/b test.

  15. The Usability People Reply

    We agree with the majority of the comments. This would be great for the web-based emails (such as gmail, yahoo, etc) and even providing help to a limited number of users would be useful.

    Know what would be even more useful?

    Reminding the user about the specific password requirements that the site has. Some sites require that a password contains a number and/or a special character.

    Just providing that bit of information may trigger a memory for the actual password – thereby avoiding the forgot password flow altogether.

    • Rodney Reid Reply

      Yes! This would have saved me countless ‘forgot password’ tries, because knowing that something is a minimum of 8 characters means I didn’t use my short password, and knowing that it required a symbol triggers another password for me.

      To continue on with your idea:

      As you’re typing the password it dynamically tells you if what you typed meets the requirements of the system… “Needs a symbol, a number, and 8 characters” — as you type, this message changes — “Needs a number and 3 more characters”, etc.

      Good article and great topic!

  16. Darren Reply

    What about companies who use gmail as a client and a company domain name with changed mx records…

    how does this know that it has to open gmail for me!!! (darren@bespokeinternet.com through gmail)

    Wouldn’t a better way of delivering this be to display memorable information to answer in the box you’ve designed to encourage them to input on the page they are struggling to log into (I’d be looking at online banking for inspiration Lloyds for instance have this nailed)

  17. Mathew Robertson Reply

    I’ve got a simpler one… how about not making me enter my login-name again -> just use the value from the previous page !

    ie: the use-case is:
    1. I go to a site and I type my login-name… which is often 40-50 keystrokes as it is my email address
    2. After two attempts at typing in my password, I realise I dont know it…
    3. I go to the “forgot password” page – at this point it should just use whatever I have already entered.

  18. Heather Reply

    Instead of directing users to their email, what about having them answer one or two secret questions and allowing them to immediately set up a new password?

    Of course this would only work for sites that use secret questions but would allow users to complete the flow without having to log into email and go back to the website.

  19. Mitchell G Reply

    I really like this idea. It’s a nice touch, and seems so simple. Yet, in all the times I have had to review a “Forgot Password” process, it never occurred to me to add a “Check E-Mail” button.

    On a technical level, I don’t think it would work for everyone… However, I think it would work for enough people to make a difference.

  20. Andy Reply

    For those who cant just Check Email from the browser, there would be not difference in the experience. However, for people that have one of the big email hosts, it would make a big difference. I think this is a pretty good idea. Small step improvements.

  21. Jarek Reply

    This is good practice.
    Nothing new though, but good.

    I’d even make this process shorter when a user already typed somewhere his email address.

    Let’s say:

    I want to sign in, so I’m typing my email address and I forgot my password.
    So I click on the link “Forgot password” and the message is sent straight to my inbox + some CTA button “Check your inbox”.


  22. lou Reply

    I like the idea of trying to shorten the whole sign up/sign in/forgot details process.

    But not sure this improves the flow, if it is highly likely that users are already signed into their email in another window, or on another device. Then opening mail in another window, is just annoying….

  23. Anonymous Reply

    I don’t get how a “Check Email” button would even be coded. There are so many email providers that it’s basically IMPOSSIBLE for one person just to remember the URL of the email provider to check for each email address. Like, I could be easily able to code that if the email address matches the regex .+@gmail.com, for the check email button to go to mail.google.com or something, but what if a customer signs up for an email provider which I don’t know? How would I know if the check email button goes to the correct place? Like say someone signs up for an email ending in @thompsonschools.org and no one ever did that before. Someone who doesn’t know about that domain could just code that the check email button goes to the domain after the @ (in this case, thompsonschools.org). But the actual place to check the email is at mail.google.com!! Maybe I could offer users to add a link to check when they sign up, but what if the website owners change the link? The users may forget to update it!! Also, if they change their email address, the link will have to be updated (if so). How would it be possible to code?? Won’t work after all!

    • Cornel Raiu Reply

      I would not worry about trying to cover all cases.
      What I would do is just cover the well known email providers and check for them ( “yahoo.com”, “gmail.com” etc. )

      If the email has one of the well knows strings, I display the button.

      Otherwise I don’t. It’s as easy as that. It covers 83% of the users in one of the apps I am building right now.
      That is definitely a plus for my password recovery process.

Leave a Reply

Your email address will not be published. Required fields are marked *