Passwords - how to set (or reset) user passwords

This article contains guidance both for admins who want to reset their own password or site admins looking to help other people set or reset their password.

The following will be covered:

How do I reset my password?

When logged into Citizen Space, you will see your full name in the top right-hand corner of the screen. If you select it, you will be given a menu with ‘My Profile’ and ‘Log out’ options. Selecting ‘My Profile’ will take you to your user profile where there is a ‘Change password’ option. You must enter your current password for security, and then enter your new password twice to confirm it.

User Profile page with Change password link highlighted.

If you don't remember your current password, you'll need to go to the log in page of Citizen Space (and log out if you're currently logged in) and select the link 'Forgotten your password?'. You can then enter your email address to receive an email with a link to reset your password.

Login form with Forgotten password highlighted.

I am a site admin - how do I help another admin set or reset their password?

If you're adding a new user:

When you add a new admin user, from their user's profile page select the 'Send account setup email' link and then trigger the automated email by selecting the button to notify them of their login details and invite them to set up their account.

The link to set up their password is active for 3 days. If they do not complete the set up steps then you will need to re-trigger the automated email or the user can use the 'Forgotten your password?' link from the login screen.

How to reset a user password 

You'll need to log out of Citizen Space to do this, but before you do that, we recommend making a note of the email addresses of each user for whom you need to generate a password. Then log out.

  1. Visit the log in page (this will be <yourCitizenSpaceURL/login>). You'll see the standard log in screen. Select the 'Forgotten your password?' link underneath the log in box.
Login form with Forgotten password highlighted.
  1. Enter the email address of the user whose password you want to reset and then select Continue. The email address field is not sensitive to upper/lower case letters.
Forgotten password form.

An automatic password reset email will then be sent to the user's inbox. It will come from your site email address, and will read a little something like this:

Someone requested that the password to your account at 'Citizen Space site name' be reset.

If this was not you, you may safely ignore this mail. If you wish to proceed and reset your password, please visit this address:

This password reset request will expire in 24 hours on [date] [time].

Note that there is an expiry on the link. The content of the password reset email is not editable.

This link will take the user to the 'set your password' page, where they can enter their new password:

Password reset prompt. Screenshot.

  1. Once you're done, you can log back into Citizen Space as yourself to carry on using the site.

Note: It is not possible for Site Admins to manually change passwords for other users. 

Helping users set or re-set 2-Factor Authentication (2FA) tokens

If you have 2FA enabled on your site and a user has this set up on their account, in order to log in they will need to enter their email and password, followed by a time-based, one-time passcode which is generated by a linked authentication app or device.

How to set up 2FA on an account is dealt with in this guide.

If you’re having problems accessing a 2FA passcode via your authenticator app/device, this will need to be dealt with by a Site Admin or your organisation’s IT team. This is because the app/device used to authenticate will be managed by your organisation, so your colleagues can hopefully help to get the device or application working or explain how to use it.

If the linked authenticator has been lost or isn’t working, a Site Admin can log in and turn off 2FA on any user account, so the person can log in without the need for a 2FA passcode. Head to the user’s profile, and select to ‘Disable 2FA’. If you are a Site Admin in this predicament then you’d need to ask a fellow Site Admin to do the disabling for you, or if all else fails you may need to email us via support to disable it (though if you ask us to do this, we may need to do a few more security checks to make sure you’re you). When an authenticator app or device can be accessed again, 2FA can be re-set on the account.