diff --git a/ansible/roles/authelia/defaults/main.json b/ansible/roles/authelia/defaults/main.json
index 8206661..89c4e12 100644
--- a/ansible/roles/authelia/defaults/main.json
+++ b/ansible/roles/authelia/defaults/main.json
@@ -21,6 +21,7 @@
 	"var_authelia_storage_data_mariadb_password": "REPLACE_ME",
 	"var_authelia_storage_data_mariadb_schema": "authelia",
 	"var_authelia_ntp_server": "time.cloudflare.com:123",
+	"var_authelia_password_reset_enabled": false,
 	"var_authelia_notification_mode": "smtp",
 	"var_authelia_notification_file_path": "/var/authelia/notifications",
 	"var_authelia_notification_smtp_host": "smtp.example.org",
diff --git a/ansible/roles/authelia/templates/conf-main.json.j2 b/ansible/roles/authelia/templates/conf-main.json.j2
index 096774a..3b85291 100644
--- a/ansible/roles/authelia/templates/conf-main.json.j2
+++ b/ansible/roles/authelia/templates/conf-main.json.j2
@@ -47,7 +47,7 @@
 	},
 	"authentication_backend": {
 		"password_reset": {
-			"disable": true,
+			"disable": {{not var_authelia_password_reset_enabled | to_json}},
 			"custom_url": ""
 		},
 		"refresh_interval": "5m",