Resetting User Passwords: Self-Service and Admin Options
If a user forgets their password, is locked out, or has not yet logged in, there are two ways to set or reset their password: either by the user themselves or by an Admin.
This guide outlines both methods, with key tips to ensure a smooth login.
Pre-requisites
Role Requirements
Action | Required Role |
|---|---|
Reset your own password | Any user |
Reset another user's password | Admin, Owner |
Option 1: User-Initiated Password Reset
Users can reset their own password using the Forgot password? link on the login screen.
Steps:
Navigate to the Login page.
Click Forgot password? (beneath the Login button).
Enter the email address (or login name, if your company uses login names) associated with the account.
Check your inbox for a reset link.
💡 Tip: The reset link expires after 52 hours. If a new request is sent, previous links will no longer work.
Option 2: Admin-Initiated Password Reset
Admins can manually set or reset a user's password from the Individuals page.
Before You Begin: Set a Strong Password
Before setting a new password for a user, we recommend reviewing our guidance on secure password creation in the Setting a Secure Password article. This includes:
Tips for creating strong, memorable passwords
How our strength checker works
What to do if a password is marked as "Too weak"
Following these practices helps prevent login issues and strengthens account security.
Step 1: Set a new password
Navigate to People > Individuals from the sidebar.
Locate the user by filtering by name, team, status (e.g. Invite Pending), or any other criteria.
Click the three-dot menu (⋯) next to the user's name.
Select Set password manually.
Enter a secure temporary password.
💡 Tip: Use the password strength indicator and on-screen guidance to create a strong password (at least 8 characters, including a mix of letters, symbols, and numbers).
Step 2: Share the password securely
Communicate the password via a secure channel (e.g. phone, encrypted message).
Instruct the user to change it after logging in.
Step 3: Give guidance to avoid login errors
Advise the user to:
Manually type the password instead of pasting it (to avoid hidden formatting issues).
Double-check spelling — both email and password are case-sensitive.
Tips for Admins When Setting Passwords
Use at least 8 characters
Avoid common or easily guessed terms (e.g. company name)
Mix capital letters, symbols, and numbers
Encourage the user to update the password after first login
FAQs
Q: What happens if a user requests multiple password reset emails?
Only the most recent reset link is valid. Any earlier links are automatically deactivated.
Q: Can Admins view a user's current password?
No. Admins can only reset passwords—they cannot view existing ones.
Q: Why can't the user log in after resetting their password?
Ask them to retype their password carefully and check for extra spaces or incorrect capitalisation. Both fields are case-sensitive.
Q: Does my company use email or login name?
Most companies use email addresses, but some configure a separate "login name" for users. Check with your Admin if you're unsure which applies to you.
Q: What if a user's account is locked?
If the user has been locked out due to too many failed login attempts, an Admin can reset their password to unlock the account. See our Account Lockout Protection article for more details.
Troubleshooting
Issue | Solution |
|---|---|
Reset email not received | Check spam/junk folder. Verify the correct email address was entered. |
Reset link expired | Request a new link. Links expire after 52 hours. |
User can't log in after Admin reset | Ensure they type the password manually (not copy/paste) and check case sensitivity. |
Password marked as too weak | Use unrelated words, add symbols, or increase length. See Setting a Secure Password. |
Account locked out | An Admin can reset the user's password to unlock the account. See Account Lockout Protection. |