diff --git a/frappe/auth.py b/frappe/auth.py
index 1658930317..d4a0dae4a0 100644
--- a/frappe/auth.py
+++ b/frappe/auth.py
@@ -155,7 +155,9 @@ class LoginManager:
 		self.authenticate(user=user, pwd=pwd)
 		if self.force_user_to_reset_password():
 			doc = frappe.get_doc("User", self.user)
-			frappe.local.response["redirect_to"] = doc.reset_password(send_email=False, password_expired=True)
+			frappe.local.response["redirect_to"] = doc._reset_password(
+				send_email=False, password_expired=True
+			)
 			frappe.local.response["message"] = "Password Reset"
 			return False
 
diff --git a/frappe/core/api/user_invitation.py b/frappe/core/api/user_invitation.py
index 7ca304b046..619b8e1af8 100644
--- a/frappe/core/api/user_invitation.py
+++ b/frappe/core/api/user_invitation.py
@@ -126,7 +126,7 @@ def _accept_invitation(key: str, in_test: bool) -> None:
 	# set redirect_to
 	redirect_to = frappe.utils.get_url(invitation.get_redirect_to_path())
 	if should_update_password:
-		redirect_to = f"{user.reset_password()}&redirect_to=/{invitation.get_redirect_to_path()}"
+		redirect_to = f"{user._reset_password()}&redirect_to=/{invitation.get_redirect_to_path()}"
 
 	# GET requests do not cause an implicit commit
 	frappe.db.commit()  # nosemgrep
diff --git a/frappe/core/doctype/user/test_user.py b/frappe/core/doctype/user/test_user.py
index aa7c182b00..691c8235a1 100644
--- a/frappe/core/doctype/user/test_user.py
+++ b/frappe/core/doctype/user/test_user.py
@@ -42,7 +42,7 @@ class TestUser(IntegrationTestCase):
 
 	@staticmethod
 	def reset_password(user) -> str:
-		link = user.reset_password()
+		link = user._reset_password()
 		return parse_qs(urlparse(link).query)["key"][0]
 
 	def test_user_type(self):
diff --git a/frappe/core/doctype/user/user.py b/frappe/core/doctype/user/user.py
index fdc3cca83c..5e646f8650 100644
--- a/frappe/core/doctype/user/user.py
+++ b/frappe/core/doctype/user/user.py
@@ -480,7 +480,7 @@ class User(Document):
 	def validate_reset_password(self):
 		pass
 
-	def reset_password(self, send_email=False, password_expired=False):
+	def _reset_password(self, send_email=False, password_expired=False):
 		from frappe.utils import get_url
 
 		key = frappe.generate_hash()
@@ -516,7 +516,7 @@ class User(Document):
 	def send_welcome_mail_to_user(self):
 		from frappe.utils import get_url
 
-		link = self.reset_password()
+		link = self._reset_password()
 		subject = None
 		method = frappe.get_hooks("welcome_email")
 		if method:
@@ -1142,7 +1142,7 @@ def reset_password(user: str) -> str:
 			return "disabled"
 
 		user.validate_reset_password()
-		user.reset_password(send_email=True)
+		user._reset_password(send_email=True)
 
 		return frappe.msgprint(
 			msg=_("Password reset instructions have been sent to {}'s email").format(user.full_name),