The session lifetime for password reset is 15 minutes. From the start of the password reset operation, the user has 15 minutes to reset their password. The email and SMS one-time passcode are valid for 5 minutes during the password reset session.
How many times can I reset/change my password in a short period of time?
There are security features built into password reset to protect it from misuse.
Users can try only five password reset attempts within a 24 hour period before they're locked out for 24 hours.
Users can try to validate a phone number or send a SMS, only five times within an hour before they're locked out for 24 hours.
Users can send an email a maximum of 10 times within a 10 minute period before they're locked out for 24 hours.
The counters are reset once a user resets their password.
The data you provide is stored securely in one of the Microsoft Data Centres in Europe. This data is encrypted both at reset and in transit. This data is used for the security of your account i.e. SSPR and MFA, and will not be used for any other purposes.
This data is NOT used or transferred to any other UL system.
New entrants (staff and students) [ML1] will be required to complete the following tasks as part of their initial account setup:
You will need access to either a mobile phone or landline to use and configure MFA and SSPR.