# Password control

## Password requirements

When setting a password for [simple sign-in](#simple-sign-in), the following rules apply:

* A minimum length of 8 characters
* At least 1 lowercase letter (a-z)
* At least 1 uppercase letter (A-Z)
* At least 1 number (0-9)
* At least 1 special character (!, $, #, or %)

{% hint style="info" %}
Password validation includes checks to determine if the password specified for registration or reset is compromised.

Checks are made using the **haveibeenpwned.com** service with the `k-anonymity` model, to determine if a password has been leaked. If a specified password is found to be compromised, it cannot be used, and you will be prompted to try again.
{% endhint %}
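
As an added illustration (not Patchworks' own code), the Python below applies the composition rules listed above and then a k-anonymity range lookup of the kind the hint describes: only the first five hex characters of the password's SHA-1 hash are sent, and the suffix comparison happens locally. The function names, the `SUFFIX:COUNT` response handling and the offline `fake_range_service` stand-in are assumptions made for this example.

```python
import hashlib
import re

SPECIALS = "!$#%"  # the four special characters listed on this page

def policy_errors(password):
    """Return the composition rules from this page that the password fails."""
    rules = [
        (len(password) >= 8, "minimum length of 8 characters"),
        (re.search(r"[a-z]", password), "at least 1 lowercase letter"),
        (re.search(r"[A-Z]", password), "at least 1 uppercase letter"),
        (re.search(r"[0-9]", password), "at least 1 number"),
        (any(c in SPECIALS for c in password), "at least 1 special character"),
    ]
    return [message for ok, message in rules if not ok]

def split_hash(password):
    """SHA-1 the password; only the 5-character prefix is sent to the service."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, fetch_range):
    """fetch_range(prefix) returns a body of 'SUFFIX:COUNT' lines for that prefix."""
    prefix, suffix = split_hash(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:  # the match is decided locally
            return int(count)
    return 0

def validate(password, fetch_range):
    """Composition rules first; the breach lookup runs only if they pass."""
    errors = policy_errors(password)
    if not errors and breach_count(password, fetch_range) > 0:
        errors.append("password appears in a known breach")
    return errors

def fake_range_service(breached):
    """Constructed offline stand-in for the range endpoint; records prefixes seen."""
    table, seen = {}, []
    for password in breached:
        prefix, suffix = split_hash(password)
        table.setdefault(prefix, []).append(f"{suffix}:42")  # constructed count
    def fetch(prefix):
        seen.append(prefix)
        return "\r\n".join(["0" * 35 + ":1"] + table.get(prefix, []))
    return fetch, seen
```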

## Password expiry

Patchworks passwords do not expire.

If you are logged into the dashboard, you can change your password by selecting the `change password` option associated with your avatar (in the top right-hand corner of the dashboard). For further information, please see: [Managing your own user account](/product-documentation/users-roles-and-permissions/managing-your-own-user-account.md).

Users with an [administrator or manager role](/product-documentation/users-roles-and-permissions/roles-and-permissions-summary.md) can [trigger password resets for other users in their company profile](#password-control).

## Password storage

Patchworks passwords are stored in an encrypted AWS database.

## Password control

Passwords can never be viewed or accessed by users, irrespective of their role.

### Managing passwords for other users

Users associated with an [administrator or manager role](/product-documentation/users-roles-and-permissions/roles-and-permissions-summary.md) can trigger a password reset for any users in their company profile, via the Patchworks dashboard. For more information, please see our [Triggering a password reset for another user](/product-documentation/users-roles-and-permissions/triggering-a-password-reset-for-another-user.md) page.

{% hint style="warning" %}
Password reset links are valid for 24 hours. After this, another password reset must be triggered so a new link is emailed.
{% endhint %}

{% hint style="info" %}
Passwords are never set on behalf of other users.
{% endhint %}

### Forgotten passwords

If you sign in to the Patchworks dashboard with an email address and password, you can [reset your password](#managing-your-own-password) at any time, from the Patchworks sign-in page:

<div align="left"><img src="/files/eWg4ANZcaokvCFL5Vy2f" alt="Forgot your password option from Patchworks sign-in page" width="375"></div>

{% hint style="info" %}
Alternatively, use the link below:

<https://app.wearepatchworks.com/reset-password>
{% endhint %}

Selecting this option displays a `reset password` page - enter your email address to trigger a password reset email:

<div align="left"><img src="/files/qUhyIS0hStTzixtH99yl" alt="" width="375"></div>

The password reset email includes a link which allows you to reset your password.

{% hint style="warning" %}
Password reset links are valid for 24 hours. After this, another password reset must be triggered so a new link is emailed.
{% endhint %}

## Google sign-in passwords

If you sign in to Patchworks with your Google account, you won't have a password for Patchworks.

However, if a password reset is triggered for a Google sign-in user, a password reset email IS triggered and can be used to set a Patchworks password.

This does not affect your Google sign-in; it just means you can choose to log in via Google OR by entering your email address and Patchworks password.

## External access

External access via the Patchworks API is granted via API tokens. For further information, please see our [API help pages](/product-documentation/developer-hub/patchworks-core-api.md).

