diff --git a/keyserver/addons/rust-node-addon/rust-binding-types.js b/keyserver/addons/rust-node-addon/rust-binding-types.js
--- a/keyserver/addons/rust-node-addon/rust-binding-types.js
+++ b/keyserver/addons/rust-node-addon/rust-binding-types.js
@@ -95,6 +95,7 @@
     authAccessToken: string,
     username: string,
     password: string,
+    skipPasswordReset: boolean,
   ) => Promise<void>,
   +syncPlatformDetails: (
     userId: string,
diff --git a/keyserver/addons/rust-node-addon/src/identity_client/privileged_reset_user_password.rs b/keyserver/addons/rust-node-addon/src/identity_client/privileged_reset_user_password.rs
--- a/keyserver/addons/rust-node-addon/src/identity_client/privileged_reset_user_password.rs
+++ b/keyserver/addons/rust-node-addon/src/identity_client/privileged_reset_user_password.rs
@@ -8,6 +8,7 @@
   auth_access_token: String,
   username: String,
   password: String,
+  skip_password_reset: bool,
 ) -> Result<()> {
   let mut identity_client = get_authenticated_identity_client(
     auth_user_id,
@@ -16,9 +17,16 @@
   )
   .await?;
 
+  let new_password = if skip_password_reset {
+    // dummy password for opaque, it won't be updated server-side
+    "[dummy]".to_string()
+  } else {
+    password
+  };
+
   let mut opaque_registration = comm_opaque2::client::Registration::new();
   let opaque_registration_request =
-    opaque_registration.start(&password).map_err(|_| {
+    opaque_registration.start(&new_password).map_err(|_| {
       Error::from_reason("Failed to create opaque registration request")
     })?;
 
@@ -40,7 +48,7 @@
 
   let opaque_registration_upload = opaque_registration
     .finish(
-      &password,
+      &new_password,
       &privileged_reset_user_password_start_response
         .opaque_registration_response,
     )
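Review bot: When `skip_password_reset` is true, the upload built by `.finish(&new_password, …)` is an OPAQUE registration for the fixed string `"[dummy]"` chosen in the previous hunk, and none of the visible hunks shows the flag being put into the start or finish request. The request construction lies outside these hunks, so this may already be handled, but if the identity service is not told to discard the upload, the account would end up with a password that anyone reading the source knows. Please confirm the flag is sent and enforced server-side, and consider deriving the placeholder from random bytes rather than a literal, so that a record stored by mistake is never usable. The comment could also state the dependency, e.g. `// placeholder input for OPAQUE; the server must ignore the resulting registration when skip_password_reset is set`. The function continues past the end of this hunk.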
diff --git a/keyserver/src/scripts/reset-identity-user-password.js b/keyserver/src/scripts/reset-identity-user-password.js
--- a/keyserver/src/scripts/reset-identity-user-password.js
+++ b/keyserver/src/scripts/reset-identity-user-password.js
@@ -6,7 +6,15 @@
 async function resetIdentityUserPassword() {
   const targetUsername = '';
   const password = '';
-  await privilegedResetUserPassword(targetUsername, password);
+
+  // when true, user is reset to unsigned device list without password change
+  const skipPasswordReset = false;
+
+  await privilegedResetUserPassword(
+    targetUsername,
+    password,
+    skipPasswordReset,
+  );
 }
 
 main([resetIdentityUserPassword]);
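Review bot: Nothing in `resetIdentityUserPassword` stops the privileged call when `targetUsername` or `password` is still the empty placeholder, and the new flag adds a mode in which `password` is silently ignored. Whether the identity service rejects an empty password is not visible here, so a local guard before the call would be safer: `if (!targetUsername || (!skipPasswordReset && !password)) { throw new Error('set targetUsername and password before running'); }`. The comment on the flag could also say that the password is unused in that mode, e.g. `// when true, user is reset to unsigned device list; password above is ignored and left unchanged`.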
diff --git a/keyserver/src/utils/identity-utils.js b/keyserver/src/utils/identity-utils.js
--- a/keyserver/src/utils/identity-utils.js
+++ b/keyserver/src/utils/identity-utils.js
@@ -65,6 +65,7 @@
 async function privilegedResetUserPassword(
   username: string,
   password: string,
+  skipPasswordReset: boolean,
 ): Promise<void> {
   const [rustAPI, identityInfo, deviceID] = await Promise.all([
     getRustAPI(),
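Review bot: `privilegedResetUserPassword` now takes `skipPasswordReset` as a bare positional boolean and has no doc comment, so a call site reading `(username, password, true)` gives no hint that the password argument is discarded. Going by the Rust binding and the script comment in this commit, the flag swaps in a placeholder password and resets the user to an unsigned device list. A short JSDoc above the function would record that, e.g. `/** Privileged reset. When skipPasswordReset is true, password is ignored and only the device list is reset. */`. The function body continues outside this hunk, and the hunk at -78,6 only forwards the flag.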
@@ -78,6 +79,7 @@
       identityInfo.accessToken,
       username,
       password,
+      skipPasswordReset,
     ),
   );
 }