Changing a user's password
What you'll learn
- How to change another user's password from the Users page
- A real limitation of the current version — the old password is required
- What to do when a user has forgotten their password entirely
The honest version: this isn't an admin reset
The Change Password action on the Users page is more accurately described as "change a password on behalf of the user, with the current password" than as "reset a password". The dialog asks for three fields:
- Old password (required — must match the user's current password)
- New password
- Confirm password (must match new)
Because the old password is required, this flow only works if you or the user can provide the current password. It's useful for collaborative scenarios — the user is sitting next to you, or told you their current password over a secure channel — but it's not a true unilateral admin reset.
For genuine password recovery (user forgot their password entirely), see "When the user has forgotten their password" below.
Step-by-step — when the user can provide their current password
- Open Settings → Users.
- Find the user in the list.
- Click the three-dot menu at the end of their row and choose Change Password.
- The Change Password dialog opens.
- Enter:
  - Old password — the user's current password. Either they told it to you, or you already knew it.
  - New password — at least 4 characters. Pick something strong even though the UI's minimum is low.
  - Confirm password — type the new password again exactly.
- Click Save.
The dialog closes and the password is updated immediately. Any sessions the user already has open continue to work until their tokens naturally expire, so if you want those old sessions ended right now, ask the user to sign out and sign back in.
When the user has forgotten their password
If the user has genuinely forgotten their current password and can't tell you what it is, the Change Password dialog cannot help — it won't let you proceed without a valid old password.
The current version of VAT Portal does not have a UI-level admin reset or a self-service "Forgot password" link. Recovery paths:
- Contact your system administrator or implementation partner. They may have backend-level access to set a new password directly.
- Create a new user account with the same role and access (use Copy User from the old account), and delete the old one. The user signs in with the new username from then on. This is a heavy workaround but it works and is clean from an audit perspective — actions taken under the old account stay attributed to that historical record.
After the change
- The user signs in with their new password from now on.
- The old password stops working immediately; if the user is still signed in on other devices with a cached session, those sessions remain valid until they expire or the user logs out.
- Their user record still carries all other settings — companies, role, access, group memberships — unchanged.
Common questions
How is this different from the user changing their own password?
There is no self-service "change my password" option in the current VAT Portal UI. All password changes route through an admin (using this dialog, with the old password known). That's a limitation of the current version — a self-service change flow may land in a future release.
What's the minimum password length?
4 characters — enforced by the form. This is the same as the creation dialog. It's lower than we'd recommend; pick something genuinely strong regardless of what the UI will accept.
What about password complexity — special characters, numbers, etc.?
Not enforced by the current UI. Strong passwords are your users' responsibility.
The Change Password dialog is rejecting my old password even though I'm sure it's correct.
Passwords are case-sensitive. Also double-check for leading/trailing whitespace — if you copy-pasted from an email, you may have an invisible space. If it still fails, the password on record actually differs from what you think; fall back to the "forgot password" recovery paths above.
Can I force a user to change their password on next sign-in?
Not currently — VAT Portal doesn't have a "must change password on next login" flag. If you set a new password for them, they'll just keep using it until they or an admin changes it again.
The user is logged in right now — will changing their password log them out?
No. Their current session token keeps working until it naturally expires or they sign out. The password change only affects new sign-ins. If you need them kicked off immediately, ask them to sign out, or wait for the session to expire.
I changed the password and now I'm not sure what I set it to.
Write it down in a trusted password manager or secure temporary note before hitting Save. There's no history — once saved, the new password is what's stored, and nobody (not even Root) can retrieve it from the UI.