Password
The Password page is where you change the password you use to sign in to SecurityTrax. You need to know your current password to change it — SecurityTrax doesn't let you reset your password by just knowing your username.
The page heading is "Update password" with the subheading listing the password rules:
"Password requirements: between 7 and 40 characters. Must have at minimum: 1 uppercase letter, 1 lowercase letter, and 1 number."
Getting here
- From Profile or any other Settings page, click Password in the Settings sub-nav.
- Or navigate directly to
https://portal.securitytrax.com/acme/settings/password.
This route is specifically excluded from the "password-is-not-expired" middleware — if your password has expired, SecurityTrax still lets you onto this page so you can update it. Every other page would redirect you back here until you do.
Forced password change banner
If your administrator has flagged your account as requiring a password change on next login, a red callout appears above the form:
- Heading: "Password Change Required".
- Body: "You are required to change your password at this time. Once you have changed your password, you will be able to continue."
This is common on new accounts (first login requires setting your own password) or after an admin has reset your password. Once you submit a new password here, the flag clears and you can use the rest of the app normally.
Form fields
| Field | Required? | Type | Validation | Notes |
|---|---|---|---|---|
| Current Password | Yes | Password | Must match your current password hash | Guards against a bystander changing your password if they find your screen unlocked. Wrong value returns: "Current password does not match". |
| New Password | Yes | Password | Must meet complexity rules (see below) and not match existing password | Hidden by default; use the show/hide icon to reveal. |
| Confirm Password | Yes | Password | Must exactly match New Password | Wrong confirmation returns: "Password and confirmation do not match". |
Complexity rules
SecurityTrax enforces these rules on the new password:
- Length: 7–40 characters.
- At least one uppercase letter (A–Z).
- At least one lowercase letter (a–z).
- At least one digit (0–9).
Special characters aren't required but are allowed. Spaces are allowed.
If your password fails the rules, you'll get: "The provided password does not meet the password requirements." with a specific list of which rules failed appended.
Tip. A phrase of three short unrelated words with a capital letter and a digit (
SunsetRabbit7boxes) is easier to remember and stronger than a single word with a character substitution (P@ssw0rd).
Saving
Click Save at the bottom.
On success:
- All three password fields clear immediately.
- SecurityTrax records your password change — the forced-change flag clears, and your last-password-change timestamp updates.
- You're redirected back to Profile (
/settings/profile). - A success toast appears: "Your changes have been saved."
On failure, inline errors appear under the specific field(s) that failed.
What to do if you've forgotten your current password
You can't change your password from this page without knowing the current one. Instead:
- Sign out (user menu → Log Out).
- On the login screen, click Forgot password?.
- Enter your username and click Reset.
- SecurityTrax emails a password-reset link to the email on your Profile.
- Follow the link to set a new password.
If your email on Profile is wrong or empty, the reset email won't reach you. In that case, ask your administrator to reset your password directly.
Effect on other sessions
Changing your password doesn't immediately log out other sessions you've left signed in — those sessions stay active with their existing cookie. To see where else you're signed in (and optionally end those sessions), use Login Activity.
Related
- Profile — make sure your email is correct so password-reset messages reach you.
- Login Activity — review recent sign-ins and end sessions on other devices.
- Logging In — what happens after your password changes.