- To request a new password, visit https://github.com/password_reset.
- Enter the email address associated with your account on GitHub.com, then click Send password reset email. The email will be sent to the backup email address if you have one configured.
- We'll email you a link that will allow you to reset your password. You must click on this link within 3 hours of receiving the email. If you didn't receive an email from us, make sure to check your spam folder.
- If you have enabled two-factor authentication, you will be prompted for your 2FA credentials. Type your 2FA credentials or one of your 2FA recovery codes and click Verify.
- Type a new password, confirm your new password, and click Change password. For help creating a strong password, see "Creating a strong password."
When you type a password to sign in, create an account, or change your password, GitHub Enterprise Cloud will check if the password you entered is considered weak according to datasets like HaveIBeenPwned. The password may be identified as weak even if you have never used that password before.
GitHub Enterprise Cloud only inspects the password at the time you type it, and never stores the password you entered in plaintext. For more information, see HaveIBeenPwned.
- Sign in to GitHub Enterprise Cloud.
- In the upper-right corner of any page, click your profile photo, then click Settings.
- In the left sidebar, click Account security.
- Under "Change password", type your old password, a strong new password, and confirm your new password. For help creating a strong password, see "Creating a strong password"
- Click Update password.
For greater security, enable two-factor authentication in addition to changing your password. See About two-factor authentication for more details.
If you have any applications registered with GitHub Enterprise Cloud, you'll want to reset their OAuth tokens. For more information, see the "Reset an authorization" endpoint.
For more tips on securing your account and preventing unauthorized access, see "Preventing unauthorized access."