Change own password

An authenticated user changes their own password.

When this happens: You go to Profile — Security — Change Password.

Step by step

  1. Go to Profile — Security — Change Password.

    EasyCRM shows the Change Password form: Current Password, New Password, Confirm New Password.

  2. Enter the current password, the new password, and the new password again to confirm it.

  3. Click Change Password.

    • EasyCRM verifies the current password against the stored hash.
    • EasyCRM checks the new password against the password policy (length, complexity rules).
    • EasyCRM checks the new password against password history (not one of the last 5 passwords).
    • EasyCRM checks that New Password = Confirm New Password.
    • EasyCRM hashes the new password (bcrypt, cost ≥ 12) and saves it.
    • EasyCRM stores the old hash in password history.
    • EasyCRM invalidates all existing refresh tokens except the current session.
    • EasyCRM sends email: Your password was changed on [date/time]. If this wasn't you, contact your administrator immediately.
    • EasyCRM shows success: Password changed successfully.

If something goes wrong

Current password incorrect

If the current password does not match the stored hash, EasyCRM shows: Current password is incorrect

Password policy violation

If the new password fails the policy, EasyCRM shows inline errors for each unmet rule.

Password history violation

If the new password matches a recent password, EasyCRM shows: You cannot reuse your last 5 passwords

Passwords don't match

If New Password ≠ Confirm New Password, EasyCRM shows: Passwords do not match
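The server-side checks from step 3 and the error cases above, in the documented order, as an added example (not EasyCRM's own code). Assumptions: salted PBKDF2 from the Python standard library stands in for bcrypt so the block runs offline, the `user` record, `sample_policy` rules and session ids are hypothetical, "last 5" is taken to include the current password, and the notification email is left out.

```python
import hashlib, hmac, os

HISTORY_DEPTH = 5  # page: the last 5 passwords cannot be reused

def hash_pw(password, salt=None):
    # Assumption: salted PBKDF2 stands in for bcrypt (cost >= 12) so this runs offline.
    salt = salt or os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def verify_pw(password, stored):
    # Re-derive with the stored salt and compare in constant time.
    return hmac.compare_digest(hash_pw(password, stored[:16]), stored)

def sample_policy(password):
    # Constructed rules; the page only says "length, complexity rules".
    errors = []
    if len(password) < 12:
        errors.append("At least 12 characters")
    if password.isalpha():
        errors.append("At least one non-letter")
    return errors

def change_password(user, session_id, current, new, confirm, policy=sample_policy):
    """Return (ok, messages); `user` is a hypothetical in-memory record."""
    if not verify_pw(current, user["hash"]):
        return False, ["Current password is incorrect"]
    errors = policy(new)
    if errors:
        return False, errors
    # Each hash has its own salt, so reuse is found by verifying the candidate
    # against every retained hash, never by comparing hash values.
    # Assumption: "last 5" counts the current password plus 4 earlier ones.
    recent = [user["hash"]] + user["history"][:HISTORY_DEPTH - 1]
    if any(verify_pw(new, h) for h in recent):
        return False, ["You cannot reuse your last 5 passwords"]
    if new != confirm:
        return False, ["Passwords do not match"]
    user["history"] = recent[:HISTORY_DEPTH - 1]   # old hash moves into history
    user["hash"] = hash_pw(new)
    user["refresh_tokens"] &= {session_id}          # drop every other session
    return True, ["Password changed successfully"]
```

A failed attempt returns before any state changes, so the stored hash, the history and the refresh tokens are only touched on the success path.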

Good to know

  • Password must satisfy all active policy rules.
  • Password history: last 5 passwords cannot be reused.
  • All other sessions are invalidated after a password change.