With the changes made in ICOTS Release 28.0, users now have to set up answers to security questions before they can reset their password. If they forget the answers to those questions, they will not be able to reset their password when it next expires. If they enter incorrect answers too many times, they will be locked out of ICOTS.
This security lockout is different than if they enter their password incorrectly more than 5 times. When a user forgets their password, the lockout only lasts 20 minutes and then the user can attempt to log in again. If a user forgets the answers to their security questions, then that lockout lasts 24 hours or until a state administrator manually resets the security for their account.
Once a state administrator resets the security on the account, the user will be prompted to enter new answers to their security questions the next time they request a password reset email.
The reset option is located under the "Security Reset" tab of the User Profile. A state administrator is the only type of user that can make this update.