Resetting a forgotten password

Click "forgot password" from sign-in, enter your email, and SALT sends a reset link. The link is valid for 6 hours. After resetting, you'll need your second factor (Multi-factor Authentication) too — password reset doesn't bypass MFA.

Updated Apr 29, 2026 For agency staff

In short: Click “forgot password,” enter your email, click the link in the email within 6 hours, set a new password. MFA still applies — have your authenticator ready.

Reset your password

  1. 1

    From the SALT sign-in screen, click “Forgot password” (or the equivalent recovery link).

  2. 2

    Enter the email address tied to your account.

  3. 3

    Check your email for a password reset message from SALT.

  4. 4

    Click the link. It opens a fresh password page.

  5. 5

    Set a new password (must meet SALT’s complexity requirements).

  6. 6

    Sign in with the new password.

  7. 7

    If you have Multi-factor Authentication enabled, complete the second factor as usual.

Reset links are valid for 6 hours from when they’re sent. After that, the link stops working — request a new one.

This window is intentionally short. Reset links bypass password authentication, so longer-lived links would be a meaningful security risk.

If the reset email doesn’t arrive

Common reasons:

  • Spam/junk folder — automated emails sometimes get filtered. Check there.
  • Wrong email — make sure you’re using the email tied to your SALT account.
  • Email delivery failures — if your account has a history of email bounces, sends may be suppressed.
  • Domain blocking — your email server may block SALT’s sender domain.

If you’ve checked these and the email still doesn’t arrive:

  1. 1

    Wait a few minutes — sometimes email delivery is delayed.

  2. 2

    Resend the reset request.

  3. 3

    If still no email, contact your IT or email provider to check whether SALT’s domain is being blocked.

  4. 4

    If the issue persists, contact SALT support — they can verify your account and assist.

Resetting someone else’s password

You generally can’t reset another user’s password directly. The standard flow is:

  • The user requests their own reset using “Forgot password”
  • They follow the email link
  • They set a new password

If a user has been compromised, an admin can disable their sign-in access to lock the account before the user resets. See Removing a user for related actions.

For users who can’t reset themselves (e.g. they no longer have access to the email tied to their account), contact support — they have recovery tools.

After resetting

  • All active sessions on your account are invalidated. Anyone signed in with your old password is signed out.
  • You’ll need to re-sign-in everywhere.
  • MFA setup is preserved — you don’t need to re-scan your authenticator.

Common questions

Can I see how many times my password has been reset? Account activity logs may show recent reset events to admins. Standard users see their own session history (where exposed).

My password reset worked, but I’m still seeing “invalid credentials.” What gives? Make sure you’re using the new password (not auto-filled-in old one) and that caps lock isn’t on. If still failing, request another reset.

Is there a way to make passwords last longer or never expire? SALT’s password policy is configured at the platform level. There’s no per-user override.

If I’m locked out, how do I get back in? Try password reset first. If that doesn’t work (email access is also lost, etc.), contact support with as much account information as you can provide.