Security notification is not sent when an admin changes the password of a user
Security notifications should be sent when admin changes a user's password in order to prevent admins from changing a user's password for malicious purposes.
See the table below. It describes the current behavior. Security notifications for change of email address are sent even when the change is made by admins. However, security notifications for change of password are not sent if the change is made by admins. The behavior is inconsistent.
|by the user||by admins|
|Change of password||✓||-|
|Change of email address||✓||✓|