There are a few ways that your client/prospect password can be reset.
The first is on the actual engagement itself. There will be a forgot password link on the engagement that your client can click on.
In going this route this will start the PIN process over again where the client will need to have their PIN and will then create a new password on engagements that have a high security level.
**Please note: If you have your notifications set up to receive an email when your client/prospect requests a new security PIN, as long as they have a mobile number on their profile you do not need to take any further actions. The PIN reset will happen automatically, they will receive their new PIN via SMS and will then create a new password. If there isn't a mobile number on file then you will need to provide the PIN to your client verbally or in a separate email to be fully secure.
The other route is if they do not have a mobile number on their profile you can reset their security to generate a new PIN on their profile.
You will then need to provide this PIN to your client either verbally or in a separate email.
Tip for Client/Prospect passwords on the templates: The password validation runs an algorithm to check for common passwords and will show them as invalid. There's no fixed set of "rules" for the password. The only fixed rule is the 8 character minimum. After that, it depends on how common it is. This algorithm is not proprietary, it's something that is used by a large number of sass companies (such has Dropbox, Github, and even Bank of America). While some services implement this algorithm only as "information" by showing a password strength meter, we opted to not allow weak passwords at all since we are protecting personal and financial information.