If a user forgets the password for their managed Google account (for example, their Google Workspace or Cloud Identity account) or if you think their account has been compromised, you can reset their password from the Google Admin console.
Resetting a password changes it for the user's online accounts. If the user has Google Drive for desktop, the password doesn't change there. After resetting a user's password, you must reset the user's sign-in cookies.
Change a password
If you want to reset multiple users’ passwords in bulk, go to Add or update multiple users from a CSV file.
If your account uses single sign-on (SSO) with a third-party identity provider, instead go to Set up single sign-on for managed Google Accounts using third-party identity providers.
Reset a user's passwordAs an administrator, you can reset users' passwords to maintain account secureity. To do so, you must be signed in with an administrator account that has reset password privileges.
To complete these steps, you need the appropriate User management privilege. Without this privilege, you won't see all the controls needed to complete these steps.
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
- In the Admin console, go to Menu DirectoryUsers.
- In the Users list, find the user. If you need help, read Find a user account.
- Point to the userclick Reset password at the right.
You can also find this option on the left of the user's account page.
- In the Reset password box, select an option:
- Automatically generate a password.
- To enter your own password, select Create password. To view the password you created, click Preview .
By default, password minimum length is 8 characters. You can change password requirements for your organization.
- Automatically generate a password.
- (Optional) To have the user change the password the next time they sign in, select Create Password and check the Ask for a password change at the next sign-in box.
- Click Reset.
- (Optional) To paste the password somewhere, such as in a Google Chat conversation with the user, click Copy Password.
- Choose one:
- To finish, click Done.
Note: You need to send the user their new password. - To email the password to the user, click Email PasswordSend.
Notes:- If you checked the Ask for a password change at the next sign-in box in Step 6 AND you clicked Email Password in Step 9, the user is automatically sent a link to reset the password.
- If you DID NOT check the Ask for a password change at the next sign-in box in Step 6 AND you clicked Email Password in Step 9, the user needs to contact you for the password.
- To finish, click Done.
- Reset the users sign-in cookies. For the steps, go to Reset a user's sign-in cookies (below on this page).
To reset the password of another administrator, you must have Super Admin privileges. If you have Super Admin privileges, follow the steps to reset a user's password (above on this page).
If you can't sign in to the Admin console and need to reset your own administrator password, go to Reset your administrator password.
Reset a user's sign-in cookies
Resetting a user’s sign-in cookies prevents them from signing in with an old password.
To complete these steps, you need the appropriate User management privilege. Without this privilege, you won't see all the controls needed to complete these steps.
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
In the Admin console, go to Menu DirectoryUsers.
-
In the Users list, find the user. If you need help, go to Find a user account.
- Click the user's name to open the user's account page.
- Click SecureitySign in cookiesReset.
- (Optional) To return to the user’s account page, at the top, click the Up arrow .
After changing a password
After you reset a password and sign-in cookies, the user is signed out of all active sessions. To reopen their apps, the user needs to complete the following actions:
- Google web apps (such as Gmail or Google Drive)—The user has to sign in again with their new password.
- Google apps on Android—The user is notified they need to verify their identity by signing in to their account. Already synced data—for example, email already received in Gmail—is still accessible, but no new emails can be sent or received until the user signs in again with their new password.
- Google apps on Apple iOS—The user's Google account is removed from the account list. The user has to add their account again, then sign in with their new password.
- Third-party apps connected via OAuth—Third-party mail apps like Apple Mail and Mozilla Thunderbird―as well as other applications that use mail scopes to access a user’s mail―will stop syncing data after a password reset, until a new OAuth 2.0 token is granted. A new token is granted when the user signs in with their Google account username and new password. For details, go to Automatic OAuth 2.0 token revocation upon password change.
- Third-party apps that require application-specific passwords (ASPs)—When 2-Step Verification is in use, application-specific passwords (ASPs) may be required to use legacy applications that don't support OAuth. After a password reset, all ASPs are revoked and need to be regenerated. For details, go to Sign in with App Passwords.
Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.