User receives multiple unsolicited password reset emails

If a user reports receiving multiple password reset emails in a single day, check the following:

• Is the user requesting password resets using the "Forgot Your Password?" link on the login page?
• Are any System Administrators sending out new password resets to this user?

If the answer to both of the above questions is NO, do the following:

• Download your org's Setup Audit Trail
• Check the timestamps for the password resets that are being triggered for the user

If the timestamps are spaced equally apart—for instance, a reset is consistently being sent every 15 minutes, or 4 hours—one possible cause behind this behavior could be the following:

If an admin recently sent a password reset to the user, and left the resulting password reset page open, this can cause the system to keep sending out new password resets to the user.

When this reset password result page is refreshed, it will send out a new password reset to the user. As a result, if an admin leaves this page or tab open, their web browser could automatically refresh the page on a regular cadence, which will end up sending the new password reset links to the user even when they don't need a new reset.