This debate has been going almost as long as “which came first, the chicken or the egg?” If you read any ITIL forums, you will undoubtedly find this question posted at least once a year.
My answer to this question is: if it really matters, you are doing something wrong.
The very basis of this question shows that the person asking is far too focused on the process instead of what they should be focusing on: the customer of the process. Yes, you can be too process focused. It doesn’t matter if a password reset is an incident or a service request as long as your procedures of addressing this are efficient and effective and support the needs of the person needing their password reset.
For any organization, the adoption of the IT service management practices will vary from other organizations, and that’s OK. As an organization’s service management maturity grows, the focus should be on making the customers and their interactions with the service provider more effective and efficient instead of debating issues like this.
So, the question should be restated as, “What would make our customers more efficient? Should we handle a password reset as an incident or a service request?” From this question, you can devise your own answer that is pertinent to your organization.
For the record, a password reset is indeed a service request, because it has nothing to do with some disruption to the service. However, this can be further debated in the instance where the service itself causes the need for the password to be reset.