Skip to main content

Updating your access credentials

  1. To request a new password, visit https://.com/password_reset.

  2. Enter the email address associated with your account, then click Send password reset email.

    Note

    Only primary and backup email addresses can be used to request a new password. Unless you have previously chosen a specific backup email address, all verified emails are considered backup email addresses.

  3. will email you a link that will allow you to reset your password. You must click on this link within 3 hours of receiving the email. If you didn't receive an email from us, make sure to check your spam folder.

  4. If you have enabled two-factor authentication, you will be prompted for your 2FA credentials:

    • If you have Mobile, you will be sent a push notification to verify your identity. Open the push notification or the Mobile app and enter the two-digit code shown to you on the password reset page in your browser.

      • To skip using Mobile to verify, click Enter two-factor authentication or recovery code.
    • Type your authentication code or one of your recovery codes and click Verify.

      • If you have added a security key to your account, click Use security key instead of typing an authentication code.

      • If you have set up Mobile, click Authenticate with Mobile instead.

      • If you've lost access to your two-factor authentication credentials and your recovery codes, you can start account recovery request. See Recovering your account if you lose your 2FA credentials.

  5. In the text field under Password, type a new password. Then, in the text field under Confirm password, type the password again.

  6. Click Change password. For help creating a strong password, see Creating a strong password.

Tip

To avoid losing your password in the future, we suggest using a secure password manager.

When you type a password to sign in, create an account, or change your password, will check if the password you entered is considered weak according to datasets like HaveIBeenPwned. The password may be identified as weak even if you have never used that password before.

only inspects the password at the time you type it, and never stores the password you entered in plaintext. For more information, see HaveIBeenPwned.

  1. Sign in to .
  2. In the upper-right corner of any page on , click your profile photo, then click Settings.
  3. In the "Access" section of the sidebar, click Password and authentication.
  4. Under "Change password", type your old password, a strong new password, and confirm your new password. For help creating a strong password, see Creating a strong password.
  5. Click Update password.

Tip

For greater security, enable two-factor authentication in addition to changing your password. See About two-factor authentication for more details.

See Reviewing and revoking authorization of Apps for instructions on reviewing and deleting access tokens. To generate new access tokens, see Managing your personal access tokens.

If you have reset your account password and would also like to trigger a sign-out from the Mobile app, you can revoke your authorization of the " iOS" or " Android" OAuth app. This will sign out all instances of the Mobile app associated with your account. For additional information, see Reviewing and revoking authorization of Apps.

See Reviewing your SSH keys for instructions on reviewing and deleting SSH keys. To generate and add new SSH keys, see Connecting to with SSH.

If you have any applications registered with , you'll want to reset their OAuth tokens. For more information, see the /applications/{client_id}/token endpoint in REST API endpoints for OAuth authorizations.

For more tips on securing your account and preventing unauthorized access, see Preventing unauthorized access.