Why Does My Salesforce Password Reset Link Expire Immediately?

Photo of author
Jerome Clatworthy

Certified Salesforce Administrator

I don’t have a lot of hair on my head, but I was at risk of losing the precious amount I had left with the frustration I experienced trying to reset my password for a Salesforce Org, when I was repeatedly told that the reset password link I requested had already expired. Even though I had not used it and had only just reset it.

Screnshot of Salesforce 'Forgot Your Password' screen.
This message was causing me significant frustration!

I had forgotten my password to this particular Salesforce Org, so was pressing the Forgot Your Password? link, following the relevant prompts, and having the link to reset my password emailed to me.

I would click on that link within a minute of requesting it and then get this dreaded message:

Your reset link expired after 24 hours or has already been used.

After repeating the same process multiple times to make sure I was clicking the right link and that it wasn’t an old email or something, I did some further research and discovered a solution.

I’ll share what worked for me, and hopefully, it helps you escape this reset password loop as well.

RELATED RESOURCE: Salesforce User Management

How to fix the ‘Your reset link expired after 24 hours of has already been used’ message in Salesforce?

If you attempt to reset your Salesforce password and continually get an error message that your brand-new reset password link has expired or already been used then it could be due to Microsoft Outlook and the way they alter links in emails to make them ‘safe’.

Here is what a typical Salesforce Password reset link in an Outlook email might look like, with the URL converted to a SafeLink:

Screenshot of Outlook email.
The Salesforce login link was modified to be a SafeLink by Outlook

If you are not using Microsoft Outlook, then this article may not be of use to you, but the same principle might be at play, just with different details.

Also depending on the way your Outlook administrators have configured SafeLink settings, you may not experience, this, or may experience it differently.

Hyperlinks in Microsoft emails are modified for cyber security purposes, but the way Salesforce Password Reset email links are modified seems to give Salesforce a false signal when the link opens as a SafeLink.

Thankfully there is a URL decoder tool you can use to convert an Outlook SafeLink back to a standard URL:

https://www.o365atp.com/

This simple web page gives you a place to paste your SafeLink, and then it decodes the original URL from the SafeLink.

Screenshot of the SafeLink Decoder tool.
This tool will decode your SafeLink to the original URL

You can see from the image above, that my SafeLinks URL was converted to a standard Salesforce Password reset URL, and when I use this URL instead of the Safelink version, I no longer receive the message that my reset password link has expired, or has already been used.

Hope this helps!