# Manually force password resets

![Reset password session task](./image.png)

As an initial action, we’re introducing the ability to set passwords as compromised, with the option to immediately sign out all active sessions for the affected user. This triggers a reset password session task, requiring the user to set a new password on their next sign-in. Additional actions will be introduced in the future.

## How to force password resets for an entire instance

If you need to protect all users at once—such as during a suspected platform-wide security incident—you can require a password reset for every account in your instance.

This is currently done by setting all existing passwords as compromised, which will trigger a reset password session task for affected users. Each user will be required to set a new password the next time they sign-in.

1. Navigate to **Configure > Instance Settings > Security Measures** in your Clerk Dashboard.
2. Select **Set all passwords as compromised**.

## How to force a password reset for a specific user

When only a single account is at risk, you can require a password reset for that user alone.

This action triggers a reset password session task for the user, ensuring they must change their password before continuing.

1. Navigate to the **User Details** page for the user.
2. In the **Password** section, under the actions dropdown, select **Set password as compromised**.

## Getting started

All new instances have password reset session task enabled by default. Existing instances must manually opt-in via the **[Reset password session task update](https://dashboard.clerk.com/~/updates)** on the **Updates** page.

If you’re using custom authentication flows, make sure your application handles:

- [The **Reset password session task**](https://clerk.com/docs/js-frontend/reference/components/authentication/task-reset-password.md)
- [The associated **password compromised error**](https://clerk.com/docs/guides/development/custom-flows/error-handling.md#password-compromised)