I'm switching a site from
Azure B2C/AAD and require users to reset their password. Users will also see different log in screens. I'm struggling to find an approach where users won't be scared that my site's been hacked, worried that reset password emails are phishing attacks etc.
My plan is to ask users to sign into the site the using their existing credentials, explain the situation and ask them to reset their password... (I would need to track who completes the progress, keep the existing infrastructure alive, and one day worry about a bulk import of the remaining users)
I've also thought about doing a bulk transfer and automating password reset emails to everyone... my concern is that this would scare people....
Could anyone suggest a less intrusive method or an example of a company who has done this well?