Correct me if i;m wrong but in my understanding
Create Token - creating link on how eepc showld work.. for example password token by creating token we give intruction to eepc to work with completely new token - erase old one.
Reset token - reseting the token attribute - which was link how eepc whould work - for example password token - reseting existing password token
I;m bit confusing at the begining since we're using password as token..
So create and reset looks same to me..
it's would be much clearer if you're using other token such as smart card etc..
this is my understanding:
Create token: if we do create token the user can use the same password that is used last time.
Reset token: if we reset token he can not use the same password from his last 3 passwords.