Password Reset
This guide explains how to reset your password if you've forgotten it or need to change it for security reasons.
Self-Service Password Reset
Initiating Password Reset
-
Go to Login Page
- Navigate to the QoBooks login page
- Click "Forgot Password" link below the login form
-
Enter Email Address
- Provide the email address associated with your account
- Click "Send Reset Link"
-
Choose Verification Method
- Email: Reset link sent to your email
- SMS: Verification code sent to your phone
- Select your preferred method
-
Complete Verification
- Email: Click the reset link in the email
- SMS: Enter the 6-digit code
- Verification link/code expires after 1 hour
-
Create New Password
- Enter your new password
- Confirm the new password
- Click "Reset Password"
-
Login with New Password
- Your password has been reset
- Log in with your new credentials
- Update any saved passwords in password managers
Password Requirements
Minimum Requirements
- Length: At least 8 characters
- Complexity: Must include:
- At least one uppercase letter (A-Z)
- At least one lowercase letter (a-z)
- At least one number (0-9)
- Special Characters: Optional but recommended (!@#$%^&*)
Security Best Practices
- Don't reuse passwords from other accounts
- Don't use personal information (birthdays, names)
- Don't use common words or phrases
- Use a password manager to generate strong passwords
- Change passwords regularly (every 90 days recommended)
Account Lockout
Automatic Lockout
- Account locks after 5 failed login attempts
- Lockout duration: 15 minutes
- Prevents brute-force attacks
- Automatic unlock after timeout
Manual Unlock
- Administrator can manually unlock accounts
- Navigate to User Management
- Select the locked user
- Click "Unlock Account"
- User can then attempt login again
Unlock via Password Reset
- Password reset automatically unlocks account
- No admin intervention required
- Recommended for users who forget passwords
- Faster than waiting for automatic unlock
Admin-Initiated Password Reset
When to Use
- User cannot access their email
- User cannot receive SMS verification
- Emergency situations
- Security concerns
Process for Administrators
-
Navigate to User Management
- Go to Settings > Users & Security > Users
- Find the user who needs password reset
-
Select User
- Click on the user's name
- Open user details panel
-
Reset Password
- Click "Reset Password"
- System generates temporary password
- Temporary password expires in 24 hours
-
Notify User
- Send temporary password to user via secure channel
- Instruct user to change password immediately
- User must change password on first login
Changing Password (Logged In)
Voluntary Password Change
-
Go to Account Settings
- Click on your profile icon
- Select "Account Settings"
- Navigate to "Security" tab
-
Change Password
- Enter current password
- Enter new password
- Confirm new password
- Click "Change Password"
-
Confirmation
- Password changed successfully
- All other sessions are invalidated
- You may need to log in again
Forced Password Change
Administrators can force users to change passwords:
- Navigate to User Management
- Select user(s)
- Click "Force Password Change"
- User must change password on next login
- Useful for security incidents
Security Considerations
Reset Link Security
- Reset links are single-use
- Expire after 1 hour
- Invalidated after use
- Cannot be reused
Verification Code Security
- 6-digit codes expire after 10 minutes
- Resend cooldown: 60 seconds
- Maximum attempts: 3 per session
- Account lockout after failed attempts
Session Invalidation
- All sessions invalidated after password change
- Prevents session hijacking
- Forces re-authentication
- Protects account security
Troubleshooting
Reset Email Not Received
Check:
- Spam/junk folder
- Email address is correct
- Email service is not blocking
Solutions:
- Wait a few minutes for delivery
- Request new reset link
- Try SMS verification instead
- Contact support if issue persists
Reset Link Expired
Cause:
- Link was sent more than 1 hour ago
- Link was already used
- Multiple reset requests were made
Solution:
- Request a new reset link
- Use the link immediately after receiving
- Don't request multiple resets
Verification Code Not Working
Check:
- Code entered correctly
- Code hasn't expired (10 minutes)
- Using correct phone number
Solutions:
- Request new code after cooldown
- Try email verification instead
- Verify phone number is correct
- Contact support if issue persists
Cannot Reset Password
Possible Causes:
- Account is disabled/suspended
- Email/phone not verified
- Organization restrictions
- Security hold on account
Solutions:
- Contact your administrator
- Verify account is active
- Complete account verification
- Contact QoBooks support
Password Not Accepted
Check:
- Meets all requirements
- No typos
- Not previously used (if enforced)
Solutions:
- Review password requirements
- Use a password manager
- Try a different password
- Contact administrator if restricted
Security Tips
After Password Reset
- Update password managers
- Log out from all devices
- Enable MFA if available
- Review recent account activity
- Report any suspicious activity
Preventing Future Issues
- Use a password manager
- Enable MFA for extra security
- Keep recovery email/phone updated
- Don't share credentials
- Use unique passwords per account
If Account is Compromised
- Reset password immediately
- Enable MFA
- Review account activity
- Check connected devices
- Contact support
- Inform administrator
Administrator Guidelines
Password Policies
- Enforce minimum password complexity
- Set password expiration (optional)
- Prevent password reuse
- Require MFA for sensitive roles
- Regular security audits
Monitoring
- Track password reset requests
- Monitor failed login attempts
- Review account lockouts
- Audit permission changes
- Investigate suspicious activity
Support
- Provide clear reset instructions
- Offer multiple verification methods
- Respond quickly to reset requests
- Document security incidents
- Train users on security best practices