Change Password
Update your AttackLens login password from the Profile page. Regularly changing your password is a security best practice, and you should change it immediately if you suspect it has been compromised.
INFO
If your organization uses SSO/SAML for authentication, your password is managed by your identity provider. The change password option is not available for SSO accounts. Contact your IT administrator to change your IdP password.
Step 1: Navigate to Profile
Click your avatar or name in the top-right corner of the application, then select Profile from the dropdown menu.
Step 2: Click Change Password
Click the Change Password button on the Profile page.
Step 3: Enter Your Current Password
In the Current Password field, enter the password you are currently using to sign in. This verifies your identity before allowing the change.
WARNING
If you have forgotten your current password and cannot sign in, ask a Super Admin to reset your password from the Team Management page. See Manage Users for details.
Step 4: Enter Your New Password
In the New Password field, enter your desired new password. The password must meet the following complexity requirements:
| Requirement | Details |
|---|---|
| Minimum length | 8 characters |
| Uppercase letter | At least one (A-Z) |
| Lowercase letter | At least one (a-z) |
| Number | At least one (0-9) |
| Special character | At least one (e.g., `!@#$%^&*()-_=+[]{}`) |
The password strength indicator provides real-time feedback as you type:
- Weak: Meets minimum requirements but is easily guessable.
- Fair: Meets requirements with moderate complexity.
- Strong: Long password with a good mix of character types.
TIP
Use a password manager to generate and store a strong, unique password. A good password is at least 12 characters long and does not contain dictionary words, your name, or common patterns like 123456 or qwerty.
Step 5: Confirm Your New Password
In the Confirm New Password field, re-enter the new password exactly as you typed it above. The form validates that both entries match.
Step 6: Save
Click Save. If all validations pass:
- Your password is updated immediately.
- Your current session remains active -- you are not signed out.
- The next time you sign in, you must use the new password.
- An audit log entry is created recording that you changed your password (the password itself is never logged).
If validation fails, you will see an error message indicating the issue:
- Incorrect current password: Re-enter your current password.
- New password does not meet requirements: Adjust your new password to meet all complexity rules.
- Passwords do not match: Re-enter the confirmation password to match the new password.
Password Security
- Passwords are stored using a one-way cryptographic hash. AttackLens never stores your password in plain text.
- Password changes are recorded in the audit log for accountability, but the actual password values are never logged.
- Rate limiting is applied to password change attempts to prevent brute-force attacks on the current password field.
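The checks described in Steps 3 to 6 and the properties listed under Password Security, as an added Python example that is not AttackLens code. The scrypt hash, the limit of 5 attempts per 5 minutes, the "Too many attempts" message, the `Account` class, and treating any non-alphanumeric, non-space character as special are assumptions of this example.

```python
import hashlib, hmac, os, re, time

# Complexity rules from the requirements table. Treating any non-alphanumeric,
# non-space character as "special" is an assumption of this example.
RULES = [
    (r".{8,}", "at least 8 characters"),
    (r"[A-Z]", "an uppercase letter"),
    (r"[a-z]", "a lowercase letter"),
    (r"[0-9]", "a number"),
    (r"[^A-Za-z0-9\s]", "a special character"),
]
MAX_ATTEMPTS, WINDOW = 5, 300  # assumed rate limit: 5 attempts per 300 seconds

def hash_password(password, salt=None):
    """Salted one-way hash. scrypt is this example's choice, not the page's."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest

def policy_failures(password):
    """Return the list of complexity requirements the password does not meet."""
    return [msg for pattern, msg in RULES if not re.search(pattern, password)]

class Account:
    def __init__(self, user, password):
        self.user = user
        self.salt, self.digest = hash_password(password)
        self.attempts = []   # timestamps of recent change attempts
        self.audit_log = []  # events only, never password values

    def change_password(self, current, new, confirm, now=None):
        now = time.time() if now is None else now
        # Rate limit every attempt so the current-password field cannot be brute-forced.
        self.attempts = [t for t in self.attempts if now - t < WINDOW]
        if len(self.attempts) >= MAX_ATTEMPTS:
            return "Too many attempts"  # constructed message, not from the page
        self.attempts.append(now)
        # Re-hash the supplied current password and compare in constant time.
        _, candidate = hash_password(current, self.salt)
        if not hmac.compare_digest(candidate, self.digest):
            return "Incorrect current password"
        if policy_failures(new):
            return "New password does not meet requirements"
        if new != confirm:
            return "Passwords do not match"
        self.salt, self.digest = hash_password(new)  # fresh salt on every change
        self.audit_log.append({"user": self.user, "event": "password_changed", "ts": now})
        return "OK"
```
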
When to Change Your Password
- Immediately if you suspect your password has been compromised.
- After initial account creation if a Super Admin set a temporary password for you.
- Periodically as part of your organization's security policy (e.g., every 90 days).
- When leaving shared environments if you signed in on a shared workstation.