Hello everyone, @ryan97 and I are designing a password reset email template and have this concern. Recently there have been a lot of issues and discussion on the web with regard to privacy. We had a suggestion to add the user's operating system and browser type to the email template. We would like to hear your points on whether to use them or not.
We have already considered sending the following in the email:
A subject
Individual who requested
Body with duration for request link to be valid
A call to action
A means of contacting support
A statement to perform no action if the reset was not intended.
A bunch of platforms out there don’t have it, like Twitter, Payoneer, and Udacity, while others do, like Freelancer, etc. I guess you might have seen them too, so I was skeptical about why and if it has any implications.
Below is a sample for Payoneer; very basic, though, maybe because they have two-step authentication.
Including the user’s OS and browser type in the password reset email can be helpful from a transparency and security awareness standpoint, but it does come with trade-offs. While some users might appreciate the additional context, others could see it as overreach, especially if they’re not expecting that kind of tracking or data in an email.
A good middle ground could be to make this optional or include it only when there’s a confirmed risk or suspicious activity. If you go this route, it’s important to include a clear privacy disclaimer in the footer or somewhere in the email template to explain why that info is there and how it’s used. That can help build trust while covering compliance concerns.
You’ve already included a solid list of essentials (subject, requester, link duration, call to action, support contact, and a statement about ignoring if unintended). Great foundation!
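One way to implement the conditional approach discussed in this thread, as an added example that is not code from either poster: the email carries the listed essentials, and a coarse "browser on OS" line plus a short privacy note appears only when the request was flagged as suspicious. The function names, the `suspicious` flag, the example.com addresses, the 30-minute lifetime and the note's wording are all assumptions made for illustration.

```python
import re
import secrets
from datetime import timedelta

# Coarse families only, checked in order (Android UAs also say "Linux",
# iPhone UAs say "like Mac OS X", Edge/Opera/Chrome UAs also say "Safari/").
_OS = [("Windows", r"Windows NT"), ("Android", r"Android"),
       ("iOS", r"iPhone|iPad"), ("macOS", r"Mac OS X"), ("Linux", r"Linux")]
_BROWSER = [("Edge", r"Edg/"), ("Opera", r"OPR/"), ("Firefox", r"Firefox/"),
            ("Chrome", r"Chrome/"), ("Safari", r"Safari/")]

def coarse_device(user_agent):
    """Map a raw User-Agent to 'Browser on OS'. The header is client-controlled,
    so only these fixed labels reach the email, never the raw string."""
    ua = user_agent or ""
    def first(table):
        return next((name for name, pat in table if re.search(pat, ua)), None)
    browser, os_name = first(_BROWSER), first(_OS)
    return f"{browser} on {os_name}" if browser and os_name else "Unknown device"

def build_reset_email(username, user_agent, suspicious,
                      base_url="https://app.example.com/reset",  # placeholder
                      support="support@example.com",             # placeholder
                      ttl=timedelta(minutes=30)):                # assumed lifetime
    token = secrets.token_urlsafe(32)  # caller stores a hash of it plus the expiry
    minutes = int(ttl.total_seconds() // 60)
    body = [
        f"Hello {username},",
        "A password reset was requested for your account.",
        f"This link is valid for {minutes} minutes:",
        f"{base_url}?token={token}",
    ]
    if suspicious:  # device context only when the request was flagged
        body += [
            f"Requested from: {coarse_device(user_agent)}",
            "Why you see this: we show the browser and operating system of "
            "the request so you can recognise activity that was not yours. "
            "It is used for this notice only.",
        ]
    body += [
        f"Need help? Contact {support}.",
        "If you did not request this, no action is needed.",
    ]
    return {"subject": "Reset your password", "body": "\n".join(body), "token": token}
```

Version numbers are dropped on purpose, which keeps the disclosed data minimal while still letting the recipient tell "my laptop" from "someone else's phone".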