A strong password is your first line of defense. This guide covers password requirements, how to reset a forgotten password, and best practices for password security.
Password Requirements
Zenovay passwords must meet these criteria:
| Requirement | Minimum |
|---|---|
| Length | 12 characters |
| Uppercase letters | 1 |
| Lowercase letters | 1 |
| Numbers | 1 |
Strong Password Tips
For better security, consider:
- 16+ characters
- Mix of letters, numbers, symbols
- No dictionary words
- No personal information
- Unique to Zenovay (not reused)
Use a Password Manager
Password managers like 1Password, Bitwarden, or Dashlane generate and store strong, unique passwords for each site.
Resetting a Forgotten Password
If you can't remember your password:
Go to Sign In
Navigate to auth.zenovay.com.
Enter Your Email
Type the email address on your Zenovay account and continue to the password step.
Click Forgot Your Password
On the password screen, click the Forgot your password? link.
Confirm and Send
Click Continue to send a reset email to that address.
Check Your Email
Look for the password reset email from Zenovay. If it isn't in your inbox, check your spam folder.
Open the Reset Link
Click the link in the email. It takes you to a page where you can set a new password.
Create New Password
Enter your new password. It must meet the requirements above.
Sign In
Use your new password to sign in. MFA will be required if you have it enabled.
Password reset links are single-use and expire after a short period for security. If yours has expired, just request a new one.
Changing Your Password
You can change your password from inside the app:
Open Profile Security
Go to Profile → Security.
Find the Password Section
Locate the Password section.
Request the Change
Click the button to change your password. Zenovay sends a reset email to your account address.
Set Your New Password
Open the email, click the link, and choose a new password.
Changing your password is handled through a secure email link rather than an in-app form. This keeps the flow safe even if you're already signed in on a shared device.
Password Security
What Makes a Weak Password
Avoid these common mistakes:
- Dictionary words: "password", "welcome"
- Personal info: birthdays, names, pet names
- Simple patterns: "123456", "qwerty", "abc123"
- Keyboard patterns: "asdfgh", "1qaz2wsx"
- Previously breached passwords
Built-in Checks
When you set a password, Zenovay shows a requirements checklist as you type so you can see when your password is long enough. Zenovay also checks your password against known data-breach lists and warns you (without blocking you) if it appears in a public breach — so you can pick a safer one.
Have I Been Pwned?
If you want to check a password yourself:
- Visit haveibeenpwned.com/Passwords
- Enter your password (securely hashed, never stored)
- If found, change it immediately
Password with Social Login
If you signed up with Google or GitHub, you log in through that provider and don't have a Zenovay password by default.
Adding a Password
To add an email-and-password login alongside your social account, request a password reset for your account email (see Resetting a Forgotten Password above). The reset link lets you set a password, after which you can sign in with email and password as well.
Why Add a Password?
- Backup login method if your social provider is unavailable
- Enables the email/password sign-in option
Troubleshooting
Reset Email Not Received
- Check spam/junk folder
- Verify you're using the correct email
- Wait a few minutes (delivery can be delayed)
- Try requesting again after a couple of minutes
Reset Link Not Working
- Links expire after a short period
- Each link can only be used once
- Request a new reset link
- Clear browser cache and try again
"Password Already Used"
If your account belongs to an organization with a password-history policy, you can't reuse a recent password:
- Use a genuinely new password
- Don't cycle through old passwords
- Consider using a password manager
Password Not Accepted
If your new password is rejected:
- Ensure it meets all requirements (at least 12 characters with upper, lower, and a number)
- Avoid common or breached passwords
- Try a longer, more complex password
- Check for leading/trailing spaces
Account Locked
Too many failed sign-in attempts will temporarily lock your account. The lock clears automatically — the first lockout lasts about 5 minutes, and repeated lockouts last progressively longer (up to an hour). If you're locked out, you can also reset your password instead of waiting, or contact support for persistent issues.
Password and MFA
Password changes don't affect MFA:
- Your authenticator app continues working
- Security keys remain valid
- Backup codes remain valid
If you suspect your account is compromised, change both your password and regenerate MFA backup codes.
Best Practices
Do
- Use a unique password for Zenovay
- Use a password manager
- Enable MFA for extra security
- Change password if you suspect compromise
- Log out from shared devices
Don't
- Reuse passwords across sites
- Share your password
- Write passwords in plain text
- Use obvious personal information
- Ignore breach notifications
Enterprise Password Policies
Enterprise PlanOrganizations can enforce stricter password policies, including:
- Minimum password length
- Complexity requirements (uppercase, lowercase, numbers, symbols)
- Password expiration
- Password history (prevent reuse)
- Required multi-factor authentication
Password vs Passkeys
The industry is moving toward passkeys, which eliminate passwords entirely. Zenovay supports WebAuthn passkeys for stronger, passwordless sign-in. See WebAuthn Setup.
Next Steps
- Set up MFA for additional security
- Review security best practices
- Account recovery options