---
url: 'https://www.corbado.com/kpi/password-reset-volume'
title: 'Password Reset Volume'
description: 'Password Reset Volume tracks how many completed password resets occur per active user per year, helping quantify support load, friction and cost.'
lang: 'en'
---

# Password Reset Volume

## What is the Password Reset Volume?

**Password Reset Volume (PRV)** measures how often active users complete a
[password reset](https://www.corbado.com/blog/password-reset-increase-customer-retention) over a defined period,
normalized per user per year. It is a practical way to quantify the ongoing operational
tax of password based authentication, including user frustration and the support and
infrastructure effort required to recover access.

> **Key facts on Password Reset Volume**
> 
> - **What it captures**: Completed
>   [password resets](https://www.corbado.com/faq/passkeys-reduce-password-resets-otp-costs) per active user per
>   year
> - **Primary use**: Quantify password dependence and its cost and friction
> - **Interpretation**: Lower is better, typical systems often land around **200% to 400%**,
>   meaning about **2 to 4** resets per active user per year

## Where does the Password Reset Volume fit in the login funnel?

We measure **Password Reset Volume** when a user enters account recovery after failing to
authenticate or selecting forgot password. Measurement boundary: we count one reset at the
moment the password is successfully changed through the recovery flow, then we normalize
by active users and time.

```mermaid
flowchart LR
    LA((Offer Auth))
    SL((Start Login))
    FL((Failed Login))
    OR((Offer Reset))
    SR((Start Reset))
    CR((Complete Reset))
    SA((Success Auth))

    LA --> SL --> FL --> OR --> SR --> CR --> SA

    SR -. "PASSWORD RESET VOLUME" .-> CR
```

## How to calculate the Password Reset Volume?

For **Password Reset Volume**, the unit of analysis is an active user in the period. We
count each completed [password reset](https://www.corbado.com/blog/password-reset-increase-customer-retention)
once, even if the same user resets multiple times.

> $$\text{PRV}=\frac{\text{Total [Password Resets](https://www.corbado.com/faq/passkeys-reduce-password-resets-otp-costs)}}{\text{Active Users}\cdot\text{Time Period in Years}}$$

In practice, `Total Password Resets` is the number of completed reset events in the
period, `Active Users` is the number of unique active users in the same period and
`Time Period in Years` converts the period length into years.

A useful way to interpret levels is that **100% equals 1 reset per active user per year**.

| Typical level of Password Reset Volume | Approx resets per active user per year |
| -------------------------------------- | -------------------------------------- |
| Under 50%                              | Under 0.5                              |
| 200% to 400%                           | 2 to 4                                 |
| Over 500%                              | Over 5                                 |

### Numerator: Total Password Resets

Include resets that complete the recovery flow and result in a new password being set, for
example `password_reset_completed`. Exclude voluntary password changes from signed in
settings, exclude test accounts, and exclude retries that do not complete. Decide whether
to include agent assisted resets, then keep that rule consistent.

### Denominator: Active Users multiplied by Time Period in Years

Define `Active Users` as unique users who were active in the product during the period,
typically by a successful login or a meaningful authenticated session. Keep the activity
definition stable so changes in tracking do not look like real resets moving.

### How to use Password Reset Volume to improve outcomes

We use **Password Reset Volume** to reduce avoidable recovery and the cost and friction it
creates.

- Higher successful sign ins that reach the intended authenticated state, diagnose high
  forgetting or lockouts, reduce password reliance with passkeys or better credential
  storage prompts, validate with a sustained drop in resets and fewer repeat resetters
- Lower user drop off during authentication, diagnose abandonment inside reset flow,
  improve deliverability and link reliability, validate with fewer repeat requests from
  the same user within a day
- Lower support contacts caused by authentication issues, diagnose high agent assisted
  resets, increase self service success and clear in product guidance, validate with fewer
  tickets per 1,000 active users
- Better operational cost through fewer retries and interventions, diagnose high reset
  loops and resend storms, add rate limits with user friendly guidance and better error
  handling, validate with lower resets per active user and lower infra spend

### Blindspots and common pitfalls of Password Reset Volume

- **Intent and selection bias**: Resets measure users who hit recovery, not all users who
  struggled, so product changes that hide recovery can lower the metric without improving
  access
- **Missing telemetry**: If completion events are not logged consistently across clients,
  the metric can drop while real resets stay flat
- **Mix shifts**: A surge in infrequent users can raise resets even when the experience is
  unchanged, segment by login frequency and tenure
- **Policy driven resets**: Forced rotations and security lockouts can inflate resets and
  can mask improvements in usability