Is there a way for a user to reset his firebase password without actually verifying the account when resetting the password?
Initially when an account is created the "verified" in the userinfo is set to false, once the account is created we receive an email with the verify account url. However, when the user "forgets his password", the password reset mail is send to the user and when he actually resets the password, the firebase userinfo "verified" is set to true.
E-Mail verification just confirms that the email belongs to that person by generally sending a link or so. Now if a user can access the link to reset password then they definitely own that email (unless someone else has access to their device).
If that's a strict requirement to not set
emailVerifiedto true on verifying email then you'll have to implement your own logic using Firebase Admin SDK which would run on a Cloud function or custom server.