User Guide - User Password

This is where you can reset your password. Simple really!

We don't put any counter-intuitive restrictions or policies on your password, but we do still encourage strong passwords. Passwords need to be a minimum of 12 characters and they must pass a check against the Have I Been Pwned database. This uses a browser based implementation of k-Anonymity, which hashes only a part of your password, asks the HIBP database to lookup these records, then compares the returned hash(es) against a hash of the full password. This helps you avoid using passwords that are already part of a data breach, even if they may not be directly attributed to your username. It's a simpler (and arguably more effective) way of encouraging more secure passwords.

Read more about k-anonymity & HIBP here

TIP

We highly recommend using a password manager, or some other method of creating unique and complex passwords. A combination of alphabetical characters, numbers, and symbols generally results in the most complex passwords, but long passphrases that you can remember (but are hard to guess) can also be very effective.