Requesting a new password
-
To request a new password, visit
https://HOSTNAME/password_reset
. -
Enter the email address associated with your account, then click Send password reset email. The email will be sent to the backup email address if you have one configured.
-
We'll email you a link that will allow you to reset your password. You must click on this link within 3 hours of receiving the email. If you didn't receive an email from us, make sure to check your spam folder.
-
If you have enabled two-factor authentication, you will be prompted for your 2FA credentials:
- Type your authentication code or one of your recovery codes and click Verify.
-
If you have added a security key to your account, click Use security key instead of typing an authentication code.
-
- Type your authentication code or one of your recovery codes and click Verify.
-
In the text field under Password, type a new password. Then, in the text field under Confirm password, type the password again.
-
Click Change password. For help creating a strong password, see Creating a strong password.
Tip
To avoid losing your password in the future, we suggest using a secure password manager.
Changing an existing password
- Sign in to GitHub Enterprise Server.
- In the upper-right corner of any page on GitHub, click your profile photo, then click Settings.
- In the "Access" section of the sidebar, click Password and authentication.
- Under "Change password", type your old password, a strong new password, and confirm your new password. For help creating a strong password, see Creating a strong password.
- Click Update password.
Tip
For greater security, enable two-factor authentication in addition to changing your password. See About two-factor authentication for more details.
Updating your access tokens
See Reviewing and revoking authorization of GitHub Apps for instructions on reviewing and deleting access tokens. To generate new access tokens, see Managing your personal access tokens.
If you have reset your account password and would also like to trigger a sign-out from the GitHub Mobile app, you can revoke your authorization of the "GitHub iOS" or "GitHub Android" OAuth app. This will sign out all instances of the GitHub Mobile app associated with your account. For additional information, see Reviewing and revoking authorization of GitHub Apps.
Updating your SSH keys
See Reviewing your SSH keys for instructions on reviewing and deleting SSH keys. To generate and add new SSH keys, see Connecting to GitHub with SSH.
Resetting API tokens
If you have any applications registered with GitHub Enterprise Server, you'll want to reset their OAuth tokens. For more information, see the PATCH /applications/{client_id}/token
endpoint in REST API endpoints for OAuth authorizations.
Preventing unauthorized access
For more tips on securing your account and preventing unauthorized access, see Preventing unauthorized access.