Password control
Last updated
Last updated
When setting a password for , the following rules apply:
A minimum length of 8 characters
At least 1 lowercase letter (a - z)
At least 1 uppercase letter (A - Z)
At least 1 number (0 - 9)
At least 1 special character (!, $, #, or %)
Patchworks passwords do not expire.
Users who sign in via Patchworks can choose to any time, from the Patchworks sign-in page. Alternatively, users with a Client Admin role can .
Patchworks passwords are stored in an encrypted AWS database.
Passwords can never be viewed or accessed by users, irrespective of their role.
Password reset links are valid for 24 hours. After this, another password reset must be triggered so a new link is emailed.
Users can reset their password via a forgot your password link - this link is always available at the bottom of the sign in to Patchworks page:
Selecting this option displays a reset password page, where the user can enter their email address and trigger a password reset email:
The password reset email includes a link for the user to follow and reset their password.
Password reset links are valid for 24 hours. After this, another password reset must be triggered so a new link is emailed.
However, if a password reset is triggered for a Google sign-In user, they still receive a password reset email, which can be used to set a Patchworks password.
However, OAuth2 is also used for clients who wish to access Patchworks services via a Patchworks API endpoint. In this scenario, Patchworks provides an access token to clients, which is used to authenticate API requests.
Any logged-in user can change their password by selecting the change password option associated with their avatar (in the top right-hand corner of the dashboard). For further information please see: .
Users associated with an can trigger a password reset for any users in their company profile, via the Patchworks dashboard. For more information please see our page.
If a user registers their Patchworks account with , they won’t be aware of a ‘Patchworks password’ because they always sign in with Google credentials.
This does not affect the person’s Google sign-in, it just means they can choose to log in via Google or enter their email address and Patchworks password ().
We have already noted that is used to authorise access to Patchworks via . In this scenario, Patchworks requests an access token from Google; once a token is received, it is used to request the required user information for the sign-in process.
For further information please see our .