User with 2 passwords

I got a report from one of our users that they were not able to login for some applications, but are able to do so for others.

When looking at their profile in the keycloak admin interface I saw that there were two Credentials with the type “password”. After deleting both, and reinviting the user to set a pssword, the issue was resolved.

My nr. one question is how the end user has ended up with two passwords. Because that should not be possible - right?

We have the password reset function enabled, and we also use the password reset REST endpoint for password resets inside the application, but I can’t reproduce any issues using those.

Any tips or advice?