[conductr]

Some people will always find something to complain about. I feel like it’s completely reasonable to give a “sorry this link was only valid for 5 minutes and is now expired, request a new code here” message. State it in the email that originally contained the link and state it again on the page when they click it afterwards. This is incredibly common practice and very unlikely to be the first time someone has seen this workflow. If they want to complain further, direct them to a password manager and remind them there’s probably one built into their browser already

[rapind]

> State it in the email that originally contained the link and state it again on the page when they click it afterwards.

No one reads this stuff. I’m not saying this to be argumentative. I have a large user base and I know from experience.

[conductr]

Oh I definitely agree. But the point is that you’ve informed them of the process before expiring their link. These types of complainers are just looking for an easy button and don’t care about your security policies so I say to do this just so you can point at it and say it’s your process if someone really gets their panties in a wad over it.

It’s also why you say it on the site when the link is found to be expired. You basically remind them of the email even though they didn’t read it. Just consistent messaging is all. It might reduce the number of folks that decide to yell at you over it but will never fully eliminate them.

IMO the appropriate easy button is them using a password manager which is what I’d recommend. Also, just ignore these complaints if they don’t take your explanation and really push hard it’s a customer not worth pleasing at some point.