Password resets in high-risk environments are safer when they require the user's physical presence.

Requiring physical presence adds an important layer of verification for password resets. In high-risk environments, attackers frequently try to exploit reset flows by targeting stolen credentials, intercepting reset links, or using social engineering to answer security questions. When the user must be physically present, the reset can be tied to a trusted location or device, and a tangible authentication factor (such as a hardware token, biometric check at a secure station, or in-person identity verification) is required. This makes it much harder for remote attackers to complete the reset, even if they have some amount of account information or previously captured credentials. The process also provides better real-time validation, auditing, and enforcement of security policies, which collectively strengthen protection.