[rapind]

> State it in the email that originally contained the link and state it again on the page when they click it afterwards.

No one reads this stuff. I’m not saying this to be argumentative. I have a large user base and I know from experience.

[conductr]

Oh I definitely agree. But the point is that you’ve informed them of the process before expiring their link. These types of complainers are just looking for an easy button and don’t care about your security policies so I say to do this just so you can point at it and say it’s your process if someone really gets their panties in a wad over it.

It’s also why you say it on the site when the link is found to be expired. You basically remind them of the email even though they didn’t read it. Just consistent messaging is all. It might reduce the number of folks that decide to yell at you over it but will never fully eliminate them.

IMO the appropriate easy button is them using a password manager which is what I’d recommend. Also, just ignore these complaints if they don’t take your explanation and really push hard it’s a customer not worth pleasing at some point.