Passwords
This page covers changing your password, resetting it if you forget it, the rules a password must meet, and what happens if your organisation sets passwords to expire.
Change your password
Section titled “Change your password”If you know your current password and just want to rotate it:
- Open Account & security from your profile.
- Choose Change password.
- Enter your current password, then your new password twice.
- Save.
Good to know:
- Your new password is checked against your organisation’s rules and against your recent password history, so you can’t immediately reuse an old one.
- A wrong current password is rejected and counts toward the lockout limit.
- After a successful change you stay signed in on this device, but you’re signed out of every other device for safety.
- You’ll get an email confirming the change (it contains no link).
Reset a forgotten password
Section titled “Reset a forgotten password”If you can’t sign in because you forgot your password:
- On the login page, choose Forgot password.
- Enter your email and submit. You’ll always see a generic confirmation: for privacy, the system never reveals whether an email is registered.
- If an account exists, you receive an email with a reset link.
- Open the link and set a new password that meets the rules.
- You’re taken back to login to sign in with the new password.
Reset links are single-use and valid for 30 minutes. Requesting a new reset invalidates any earlier link. If a link has expired or was already used, the page tells you and offers to send a fresh one. There is no SMS or one-time-code reset, only the email link. After a successful reset, all your existing sessions are signed out.
Password rules
Section titled “Password rules”Every new password (at activation, change or reset) must meet your organisation’s policy. By default that means:
- At least 8 characters, with at least one letter and one number.
- Common, trivial or known-breached passwords are rejected: so pick something unique to you.
Your organisation’s Org Admin may set stronger requirements (see below). The active rules are always shown on the change, reset and activation forms as you type. Rules are only checked when you set a new password, never when you sign in, so an existing valid password keeps working even after the policy changes.
For admins: the password policy
Section titled “For admins: the password policy”An Org Admin (or Villva) can tune the policy for the whole organisation within platform limits:
- Minimum length (platform floor 8, ceiling 128).
- Which character types are required (uppercase, lowercase, digit, symbol).
- Password history depth: how many past passwords can’t be reused.
- Expiry interval: 0 means never, otherwise 30-365 days, plus a warning window before expiry.
Policy changes apply only to newly set passwords; existing passwords keep working until the next change. Only admins can change the policy, and every change is recorded with a field-by-field difference.
Password expiry prompts
Section titled “Password expiry prompts”If your organisation sets a non-zero expiry interval:
- As expiry approaches, sign-in shows a soft notice with the days remaining, so you can change it proactively.
- Once a password is past its expiry, your next sign-in requires you to change it before continuing: you set a new password (checked against the rules and history) and then carry on normally.
- If expiry is set to never, you’ll see no prompts at all.