# Password control ## Password requirements When setting a password for [simple sign-in](#simple-sign-in), the following rules apply: * A minimum length of 8 characters * At least 1 lowercase letter (a-z) * At least 1 uppercase letter (A-Z) * At least 1 number (0 - 9) * At least 1 special character (!, $, #, or %) {% hint style="info" %} Password validation includes checks to determine if the password specified for registration or reset is compromised. Checks are made using the **haveibeenpwned.com** service with the `k-anonymity` model, to determine if a password has been leaked. If a specified password is found to be compromised, it cannot be used, and you will be prompted to try again. {% endhint %} ## Password expiry Patchworks passwords do not expire. If you are logged into the dashboard, you can change your password by selecting the `change password` option associated with your avatar (in the top right-hand corner of the dashboard). For further information, please see: [Managing your own user account](https://doc.wearepatchworks.com/product-documentation/users-roles-and-permissions/managing-your-own-user-account). Users with an [administrator or manager role](https://doc.wearepatchworks.com/product-documentation/users-roles-and-permissions/roles-and-permissions-summary) can [trigger password resets for other users in their company profile](#password-control). ## Password storage Patchworks passwords are stored in an encrypted AWS database. ## Password control Passwords can never be viewed or accessed by users, irrespective of their role. ### Managing passwords for other users Users associated with an [administrator or manager role](https://doc.wearepatchworks.com/product-documentation/users-roles-and-permissions/roles-and-permissions-summary) can trigger a password reset for any users in their company profile, via the Patchworks dashboard. For more information, please see our [Triggering a password reset for another user](https://doc.wearepatchworks.com/product-documentation/users-roles-and-permissions/triggering-a-password-reset-for-another-user) page. {% hint style="warning" %} Password reset links are valid for 24 hours. After this, another password reset must be triggered so a new link is emailed. {% endhint %} {% hint style="info" %} Passwords are never set on behalf of other users. {% endhint %} ### Forgotten passwords If you sign in to the Patchworks dashboard with an email address and password, you can [reset your password](#managing-your-own-password) at any time, from the Patchworks sign-in page:

Forgot your password option from Patchworks sign-in page

{% hint style="info" %} Alternatively, use the link below: {% endhint %} Selecting this option displays a `reset password` page - enter your email address to trigger a password reset email:

The password reset email includes a link which allows you to reset your password. {% hint style="warning" %} Password reset links are valid for 24 hours. After this, another password reset must be triggered so a new link is emailed. {% endhint %} ## Google sign-in passwords If you sign into Patchworks with your Google account, you won't have a password for Patchworks. However, if a password reset is triggered for a Google sign-In user, a password reset email IS triggered and can be used to set a Patchworks password. This does not affect your Google sign-in, it just means you can choose to log in via Google OR by entering your email address and Patchworks password. ## External access External access via the Patchworks API is granted via API tokens. For further information, please see our [API help pages](https://doc.wearepatchworks.com/product-documentation/developer-hub/patchworks-core-api).