If you forget your password, Apex Rental Pro provides a self-service password reset flow via email. Admins can also reset any user's password directly from the user management screen without needing the user's old password.
This works for any user who has an email address on file.
- Go to the login page and click Forgot Password.
- Enter your email address.
- Click Send Reset Link.
- Check your email for a reset link. The link is valid for 1 hour.
- Click the link in the email.
- Enter your new password (minimum 4 characters).
- Click Reset Password.
- You're now logged in with your new password.
Admins can set a new password for any user without needing the user's current password:
- Navigate to Settings > Users (or Employees).
- Click the edit icon on the user you want to reset.
- Enter a new password in the Password field.
- Click Save.
The user's password is updated immediately. The user should be notified to log in with the new password.
Users can also change their own password:
- Navigate to Account Settings (from the user menu or settings).
- Enter your current password for verification.
- Enter and confirm your new password.
- Click Save.
- Email is required for self-service reset: If a user's account has no email address set, the self-service reset flow won't work — there's nowhere to send the reset link. An admin must reset the password manually in this case.
- Reset links expire in 1 hour: If the user doesn't click the reset link within 1 hour, they'll need to request a new one. The old link becomes invalid once a new one is requested.
- Reset links are single-use: Once a reset link is used to set a new password, it's invalidated and can't be reused.
- Minimum password length: Passwords must be at least 8 characters. There's no complexity requirement, but encourage users to choose something secure.
- Sessions are not invalidated on password change: Changing a password does not force other active sessions to log out. If you're changing a password due to a security concern, ensure the affected account doesn't have other active sessions by asking the user to log out from all devices.