Account
Passwords and recovery
Forgot password, reset password, and why the rules are strict.
Password problems are best solved before they happen, so let’s go through the recovery flow once and mention a few gotchas.
The password rules
At sign-up and at reset, passwords must:
- Be at least 8 characters.
- Include at least one uppercase letter.
- Include at least one lowercase letter.
- Include at least one number.
- Include at least one special character (punctuation).
We recommend a password manager. Any random 16-character password will satisfy the rules and be easier to remember by not remembering it.
Forgot password
- Go to Forgot password.
- Enter the email on your account.
- Submit. You’ll see a confirmation toast.
- Check your email. The reset link expires after a short period — use it promptly.
- Click the link — you’ll land on the reset page.
- Enter a new password and confirm it.
- Submit. You’re signed in automatically if your email was included in the link; otherwise, sign in normally.
Didn’t get the email?
- Check spam.
- Confirm the email matches the one you registered with. Typos here are the most common cause.
- Wait a minute and retry — occasionally upstream mail providers delay.
- If you signed up with Google/Apple, you may not have a password yet. Use the reset flow anyway to set one.
Reset link expired
Just start the flow again. Old links are single-use — once you’ve used (or expired) one, request a new one.
Changing your password when signed in
Currently, change-password while signed in uses the same reset flow:
- Sign out.
- Use Forgot password on the sign-in page.
- Set a new password via the reset link.
- Sign in with the new password.
Suspicious activity
If you suspect someone else has signed in with your credentials:
- Reset the password immediately.
- Review the All Sites list and the Submissions for anything unexpected.
- Check Billing for unrecognised charges.
- Contact support with a summary.