deSEC uses tokens for authentication against the API – including the “update.dedyn.io” interface. The password on the other hand is only required to generate new tokens, change your email address, delete your account, or log in the website to manage your domains (coming soon). New user accounts currently do not get a password assigned, as – currently – most users do not need a password.
Long story short, you reset your account password, but what you need in the update URL you posted is an authentication token, which is unrelated to the password you chose and hence did not change.
If you still want to change the authentication token, I suggest you use the API to do the following:
Alternatively, you could wait a couple of days for the first stab of the GUI and then use the web login to do above-mentioned steps to manage your tokens.