🔐 How to Reset a Customer's Password

Account Access — Verification, 2FA, and Recovery

← Back to Knowledge Base

Overview

Before making any changes to a customer's account, identity must always be verified. This protects the customer from unauthorised access and protects us from liability. Never skip or rush verification, even if the customer seems frustrated.

Step 1 — Send a Verification Code

Always start by sending a one-time security code to the customer's registered email or phone number. Ask the customer which method they currently have access to before sending.

💡 If the customer has an AOL or external personal email on the account, send the code there — it won't be affected by any issues with their business email.

Step 2 — Code Not Arriving?

If the customer says the code hasn't arrived, work through the following before escalating:

⚠️ If codes consistently fail to arrive after multiple attempts, escalate to L2. Do not attempt to bypass verification.

Step 3 — Account Has 2FA / Authenticator Issues

If the customer is locked out due to a 2FA or authenticator app issue, this is outside L1 scope. Escalate to L2 immediately — do not attempt to disable or work around 2FA from your end.

Step 4 — Customer Can't Access Account Email or Phone

If the customer cannot access either verification method, do not attempt to send codes to unverified external addresses. Direct them to the account recovery portal:

💡 Account Recovery Portal: https://supportcenter.123-reg.co.uk/accountrecovery

Step 5 — Resetting the Password

Once identity is verified, you can reset the account password or WordPress admin password depending on what the customer needs:

Step 6 — Updating Account Details

If the customer wants to update their login email, phone number, or personal details after verification, direct them to:

⚠️ Never confirm registrant details from L1 — all personal details including email, phone, and owner name are censored for security reasons.

Common Pitfalls