Reset Password | Account Recovery - Zoho Accounts

How to reset password


Info
Note
If you still remember your password and only wants to change it, follow the instructions to change password. This article explains the steps to reset a forgotten password.

Prerequisites

  1. Access to a recovery email address or mobile number associated with your Zoho account in order to verify your identity. If you have a recovery device (i.e., OneAuth without MFA enabled), you can also use it verify your identity. If you're an organization admin, and there's a domain added and verified with your Zoho organization, you can use it to verify as well. 
  2. Able to complete MFA verification if your account is secured with MFA.

Steps to reset password

  1. Go to the Forgot Password page (or go to the sign-in page, then click Forgot Password).
  2. Enter your email address or mobile number, then click Next.
  3. Enter the CAPTCHA, then click Next.
  4. Click Continue to reset password.

  5. Verify your identity using a recovery option you’ve configured for your account. For detailed instructions, refer below:
    6. Verify using an OTP sent to email address
    1. Click Send OTP. It will be sent to the email address you initiated the request with. If you prefer to verify using a different email address associated with your account, you can select it from the list of available email addresses on the page.
    2. If asked, enter the full email address to send OTP.
    3. Enter the received OTP, then click Verify.
    Verify using an OTP sent to mobile number
    1. Click Send OTP. It will be sent to the mobile number you initiated the request with. If you prefer to verify using a different mobile number associated with your account, you can select it from the list of available numbers on the page.
    2. If asked, enter the full mobile number to send OTP.
    3. Enter the received OTP, then click Verify.
    Verify using a push notification sent to recovery device
    1. If asked, click Verify using device. A push notification will be sent to your recovery device.
    2. Approve the request from OneAuth to verify.
    Verify by proving the ownership of your domain
    1. Click View all options.
    2. If asked, click Verify via domain. Instructions will be shown.
    3. Go through the instructions, then click Proceed.
    4. If asked, select a domain to proceed with.
    5. Enter the full domain name, then click Next.
    6. Select one of the methods shown to prove domain ownership. The options are:
      1. Add a TXT record in your domain host.
      2. Add a CNAME record in your domain host.
      3. Upload a HTML file to the root directory of your website.
    7. Enter an email address to which you want to receive further instructions on how to prove domain ownership, then click Send Email.
    8. Follow the instructions in the email sent.
    9. Click the Change Password link in the email. We will validate if the DNS record/HTML file is added.
      1. If it is added, a success message will be shown. You can continue with changing your password.
      2. If it is not added, an error message will be shown. It is possible that the record you’ve added hasn’t been propagated to all the DNS servers yet, as it depends on the TTL value. Wait for some time, then try refreshing the page.

  6. If you’ve enabled multi-factor authentication (MFA) for your account, complete the MFA verification to continue.
  7. Enter your new password and re-enter to confirm, then click Change Password.
  8. If needed, terminate the sessions/API tokens, then click Continue.
  9. Sign in to your account using the new password.

How organization admins can reset password for users

If you're an administrator of an organization, you can reset password for your users who aren't able to reset it themselves. The apps listed below provides the option to reset users' passwords. For instructions on how to do so, click on the respective app name.
  1. Zoho Directory (Recommended for admins who want to manage users across apps from a single place)
  2. Zoho One
  3. Zoho Mail
  4. Zoho Cliq

Troubleshooting

If you have any issue while verifying your identity, go through this troubleshooting section and check if you can resolve it. If you're still unable to verify, write to us at  support@zohoaccounts.com

Issue with email address or mobile number verification


Issue

Solution


I don't remember my email address/mobile number to enter it.

  • See if you can identify it using the semi-hidden email address/mobile number shown on the page. 
  • If you have other recovery modes available, verify using them.  


I have lost access to my recovery email address/mobile number



  • If you have other recovery modes available, verify using them.  

Getting "Enter a valid email address/mobile number" error

  • Check if you have entered the correct email address/mobile number that is shown semi-hidden on the page. 
  • If the error persists, verify using other recovery modes (if available). 



I'm not receiving OTP to my email address/inbox

  • Check your SPAM folder. Sometimes, the email could end up in SPAM. 
  • Wait for a few minutes. There could be a delay in receiving the email due to the mail server or your network provider. 
  • Try resending the OTP (after 30 seconds) and try again. 
  • If you have other recovery modes available, verify using them.  



I'm not receiving OTP to my recovery mobile number

  • Check if your network connection is stable.
  • Wait for a few minutes. There could be a delay in receiving the OTP due to the SMS provider or your network provider. 
  • Try resending the OTP (after 30 seconds) and try again. 
  • If you have other recovery modes available, verify using them.



My mobile number is not listed/shown as a verification option

  • Only recovery mobile numbers can be used for this  verification. If you have added a mobile number as your MFA number, that number will not be shown here. It will be available only for the MFA verification stage.



Getting "Incorrect OTP. Please try again" error

  • Check if you are entering the correct OTP sent to your inbox. 
  • If you have sent multiple OTP emails using the Resend OTP option, make sure you get the OTP from the latest email/SMS received. 
  • You can also use the RESET PASSWORD link present in the email below the OTP to reset your password. 



Issue with recovery OneAuth device verification


Issue

Solution


I have set up OneAuth for my account. But I have no option to verify using my device.

  • If you set up MFA using OneAuth, you can only verify using OneAuth during the MFA verification stage in recovery. The "Verify using device" option will not be present during this verification.


I'm not receiving push notification

  • It could be due to the default settings on your device. Go through our help article to change those settings.  



I cannot find the option to verify using QR/TOTP modes

  • For this verification, only push notification mode is available for the "Verify using device" option. QR code and TOTP modes won't be available.



Getting "Device authentication rejected/pending" error

  • Try sending another push to your device by clicking Resend Push
  • If you still receive the error, try verifying using other available modes.



Issue with domain verification


1. Domain ownership not proven yet
Your domain ownership verification could have been failed due to any of the following errors:
  1. Incorrect values 
  2. Longer TTL 
  3. Registrar conflict with the DNS provider

a. Incorrect values
Reason :
You may have incorrectly entered the CNAME values in the DNS Settings page of your domain.
Solution:
Verify whether you have entered the following information correctly in the DNS Settings page of your domain:

b. Longer TTL
Reason:
If the TTL value you have entered is higher than the value provided in the email, then the CNAME records you have added in your DNS provider might not be propagated during the verification process.
Solution:
Check the TTL value and try verifying after some time.

c. Registrar conflict with the DNS provider
Reason:
When you register the domain with one provider, but point the name servers to another provider, then the CNAME records added in your domain registrar are not considered valid. This is because you might have changed the DNS provider (either accidentally or for hosting your website), or your previous email provider configuration.
Solution:
The CNAME records added in the provider where the name servers are pointed will be effective and valid. To check this, do one of the following:
  • Do a 'NameServer' lookup for your domain to check where your domain is hosted.
  • Check with your domain registrar or the technical contact for your domain to know where the name servers are pointed.

2. Maximum number of emails limit reached. Try again later.
Reason:
If you have tried sending instructions (i.e., email with domain verification instructions) multiple times, we will not send further emails for the next 24 hours. This is to avoid email spamming.
Solution:
  • You can use the already received email with the CNAME records.
  • If you want to send instructions to a different email ID, but have sent multiple instructions already, you can try again after 24 hours.
  • You can try verifying using the alternate recovery options, if available.