| 1 |
# Password Reset |
| 2 |
|
| 3 |
Request a reset link by email if you've forgotten your password. |
| 4 |
|
| 5 |
## Resetting a Forgotten Password |
| 6 |
|
| 7 |
1. Go to [/forgot-password](/forgot-password) |
| 8 |
2. Enter the email address associated with your account |
| 9 |
3. Click "Send Reset Link" |
| 10 |
4. Check your email for a message with a reset link |
| 11 |
5. Click the link and enter your new password (minimum 8 characters) |
| 12 |
6. You're logged in with the new password |
| 13 |
|
| 14 |
The reset link expires after 15 minutes. If it expires, request a new one. |
| 15 |
|
| 16 |
For security, the form always confirms that a link was sent regardless of whether the email exists. This prevents anyone from discovering which emails are registered. |
| 17 |
|
| 18 |
## What Happens on Reset |
| 19 |
|
| 20 |
- Your password is updated immediately |
| 21 |
- All other active sessions are revoked (if someone else had access, they're logged out) |
| 22 |
- If you had a breached password, the warning clears |
| 23 |
- The reset link becomes invalid after use (single-use) |
| 24 |
- If you change your password before using a reset link, the link becomes invalid |
| 25 |
|
| 26 |
## Changing Your Current Password |
| 27 |
|
| 28 |
If you know your current password and want to change it: |
| 29 |
|
| 30 |
1. Go to Settings > Security |
| 31 |
2. Click "Change Password" |
| 32 |
3. Enter your current password and your new password |
| 33 |
4. All other sessions are revoked automatically |
| 34 |
|
| 35 |
## Password Requirements |
| 36 |
|
| 37 |
- Minimum 8 characters, maximum 128 |
| 38 |
- No character type requirements (uppercase, numbers, symbols are not enforced) |
| 39 |
- Passwords are checked against known breaches via HaveIBeenPwned (k-anonymity; your password is never sent externally). Breached passwords trigger an advisory warning but are not blocked. |
| 40 |
|
| 41 |
## Account Lockout |
| 42 |
|
| 43 |
After 5 consecutive failed login attempts, your account is locked for 15 minutes. A one-time login link is emailed to you automatically. Click the link to bypass the lockout and log in. Passkey login is not affected by password lockout. |
| 44 |
|
| 45 |
For full details on 2FA, passkeys, and session management, see [Account Security](./security.md). |
| 46 |
|
| 47 |
## See Also |
| 48 |
|
| 49 |
- [Account Security](./security.md): 2FA, passkeys, and session management |
| 50 |
- [Getting Started](./getting-started.md): Account creation |
| 51 |
|