Change password
The "Change password" card in Security settings handles two related cases. If your account already has a password, it changes the existing one. If you signed up via Google or GitHub and never set a password, the same card lets you set one for the first time. The card title flips between "Change password" and "Set a password" depending on which case you are in.
Changing an existing password
- Open Security settings and find the "Change password" card.
- Enter your current password.
- Enter your new password (minimum 8 characters).
- Re-enter the new password in the confirm field.
- Click Change password.
On success, every other login session is signed out immediately. You stay signed in on the device where you submitted the form.
What stays the same after a password change
- Your 2FA setup. The TOTP secret and recovery codes are not touched.
- Your linked Google or GitHub accounts. Disconnect or reconnect those separately from Connected accounts.
- Your sites, goals, custom events, share links, and API keys.
Setting a password for the first time
If you signed up with Google or GitHub, the card is titled "Set a password" and there is no "Current password" field, because there is nothing to confirm against. Just enter your new password twice and click Set password.
After this:
- The card title becomes "Change password" and, from then on, the form asks for your current password.
- You can sign in with email + password as a second login method, alongside Google or GitHub. Nothing about your OAuth links changes.
- Other features that need a password (changing email, deleting your account) become available.
Forgot your password
If you cannot sign in, use Forgot password? on the login page. We send a single-use reset link to your registered email. The link is valid for 1 hour.
A successful reset signs every session out across all devices, including the session that started the reset. You sign in fresh afterwards.
Resetting your password does not disable 2FA. If 2FA is on, you still need your authenticator code (or a recovery code) at the next sign-in. See Two-factor authentication for what to do if you have lost both.
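The two session rules above (a password change keeps only the session that submitted the form; a reset signs out every session) and the reset-link rules (single use, valid for 1 hour) are easy to get subtly wrong in an implementation. The following is an added illustration, not the product's own code: an in-memory stand-in for an account record, its sessions and its outstanding reset tokens. The class and method names, the PBKDF2 parameters and the use of a caller-supplied clock are assumptions made for the example; the 8-character minimum, the 1-hour token lifetime and the sign-out behaviour come from the page.

```python
"""Added example: account with sessions, change-password and reset-token behaviour.
Not the product's code; an in-memory model written to match the rules on this page."""
import hashlib
import hmac
import secrets
import time

MIN_PASSWORD_LENGTH = 8      # page: minimum 8 characters, no complexity rules
RESET_TOKEN_TTL = 60 * 60    # page: reset link is valid for 1 hour
PBKDF2_ITERATIONS = 200_000  # assumed for the example


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


class Account:
    def __init__(self, email):
        self.email = email
        self.salt = None
        self.digest = None       # None = signed up via OAuth and never set a password
        self.sessions = set()    # active session ids, one per signed-in device
        self.reset_tokens = {}   # token -> expiry timestamp; each token is single-use

    @property
    def has_password(self):
        return self.digest is not None

    def sign_in(self):
        """Create a new session id (the password/2FA check is assumed done elsewhere)."""
        sid = secrets.token_urlsafe(16)
        self.sessions.add(sid)
        return sid

    def change_password(self, current_session, current_password, new_password, confirm):
        """'Change password' and 'Set a password' share one path; only the
        current-password check differs, as on the page."""
        if current_session not in self.sessions:
            raise PermissionError("not signed in")
        if new_password != confirm:
            raise ValueError("new password and confirmation do not match")
        if len(new_password) < MIN_PASSWORD_LENGTH:
            raise ValueError("password must be at least %d characters" % MIN_PASSWORD_LENGTH)
        if self.has_password:
            # existing password: the current one must be supplied and must match
            if current_password is None or not verify_password(current_password, self.salt, self.digest):
                raise PermissionError("current password is wrong")
        self.salt, self.digest = hash_password(new_password)
        # sign out every other session; keep only the one that submitted the form
        self.sessions = {current_session}

    def issue_reset_token(self, now=None):
        """Create a single-use reset token that expires RESET_TOKEN_TTL seconds from now."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.reset_tokens[token] = now + RESET_TOKEN_TTL
        return token

    def reset_password(self, token, new_password, now=None):
        now = time.time() if now is None else now
        if len(new_password) < MIN_PASSWORD_LENGTH:
            raise ValueError("password must be at least %d characters" % MIN_PASSWORD_LENGTH)
        # pop() consumes the token whether or not the attempt succeeds: single use
        expiry = self.reset_tokens.pop(token, None)
        if expiry is None:
            raise PermissionError("unknown or already used reset token")
        if now > expiry:
            raise PermissionError("reset token expired")
        self.salt, self.digest = hash_password(new_password)
        # a reset signs out every session, including the one that requested it
        self.sessions.clear()


if __name__ == "__main__":
    acct = Account("user@example.com")      # constructed sample account
    phone, laptop = acct.sign_in(), acct.sign_in()
    acct.change_password(laptop, None, "correct horse battery", "correct horse battery")
    print("sessions after first set:", acct.sessions == {laptop})
    tok = acct.issue_reset_token()
    acct.reset_password(tok, "another long passphrase")
    print("sessions after reset:", acct.sessions)
```

The order of checks in reset_password matters: input validation runs before the token is consumed, so a typo in the new password does not burn the link, but an expired or unknown token is removed on its first use regardless of outcome.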
Password requirements
Minimum 8 characters. We do not enforce complexity rules (no "must contain a number, symbol, and uppercase" gating). Length is what matters; pick a long passphrase, or let your password manager generate one for you.
Common-password lists and credential-stuffing protection sit at the rate-limit layer, not the form-validation layer. We block repeat failed sign-ins on the same email after 5 attempts, with a 15-minute lockout.
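The lockout rule above is stated in one sentence; here it is as a small throttle so the edge cases are visible: which attempt trips the lock, what happens to the counter when the lock expires, and that the email key is normalised so case variants count as the same address. This is an added example, not the product's rate limiter. The class and function names and the caller-supplied clock are assumptions; the 5-attempt threshold and 15-minute lockout are the figures on the page.

```python
"""Added example: per-email failed-sign-in lockout (5 failures, 15-minute lock).
Not the product's code; written to match the rule stated on this page."""

MAX_FAILED_ATTEMPTS = 5     # page: lock after 5 failed sign-ins on the same email
LOCKOUT_SECONDS = 15 * 60   # page: 15-minute lockout


def normalise(email):
    """Key on a canonical form so 'Alice@Example.com' and 'alice@example.com' share a counter."""
    return email.strip().lower()


class LoginThrottle:
    def __init__(self):
        self.failures = {}      # email -> consecutive failed attempts
        self.locked_until = {}  # email -> timestamp at which the lock ends

    def is_locked(self, email, now):
        key = normalise(email)
        until = self.locked_until.get(key)
        if until is None:
            return False
        if now < until:
            return True
        # lock has expired: clear it and start the counter from zero again
        del self.locked_until[key]
        self.failures.pop(key, None)
        return False

    def record_failure(self, email, now):
        key = normalise(email)
        self.failures[key] = self.failures.get(key, 0) + 1
        if self.failures[key] >= MAX_FAILED_ATTEMPTS:
            self.locked_until[key] = now + LOCKOUT_SECONDS

    def record_success(self, email):
        key = normalise(email)
        self.failures.pop(key, None)
        self.locked_until.pop(key, None)

    def seconds_until_unlock(self, email, now):
        """For a 'try again in N minutes' message or an ops dashboard; 0 if not locked."""
        if not self.is_locked(email, now):
            return 0
        return int(self.locked_until[normalise(email)] - now)


def attempt_sign_in(throttle, email, password_is_correct, now):
    """Returns 'locked', 'ok' or 'failed'. The throttle check runs before the
    password check, so a locked account is rejected without evaluating the password."""
    if throttle.is_locked(email, now):
        return "locked"
    if password_is_correct:
        throttle.record_success(email)
        return "ok"
    throttle.record_failure(email, now)
    return "failed"


if __name__ == "__main__":
    # constructed sequence: five wrong passwords, then the right one during the lock
    t = LoginThrottle()
    for i in range(5):
        print(i + 1, attempt_sign_in(t, "Alice@Example.com", False, now=100 + i))
    print("correct password while locked:", attempt_sign_in(t, "alice@example.com", True, now=110))
    print("seconds until unlock:", t.seconds_until_unlock("alice@example.com", now=110))
```

Keying on the email alone is what the page describes, and it has a known trade-off: repeated wrong guesses against one address also lock that user's own sign-ins for 15 minutes. Deployments that want to limit that effect usually add a second counter keyed on the source address, and they log lockouts so a burst of them across many accounts shows up in monitoring.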