Security
Change Password
If you want to change your account password, you can change it by signing in to accounts.zoho.com. However, if you've forgotten your password and unable to sign in, then you will need to reset your password.
Note:
By default, Zoho enforces users to set a password with the following criteria:
- Should be at least 8 characters.
- Should not contain parts of the user's email address, first name, or last name.
- Should not contain consequent characters (such as "000") or sequential characters (such as "123", "abc").
- Should not be a breached password. When you enter a password, we will check if it is found in any previous breaches using Troy Hunt's breached password collection. If it was, we will prompt you to enter a different password.
To change your password:
- Sign in to accounts.zoho.com.
- Click Security in the left menu.
- In the Password section, click Change Password.
- Enter your current password and the new password in the respective fields.
- Re-enter your current passphrase in the Confirm New Password field.
- Click Change Password.
- You will be asked if you want to terminate your active sessions. If yes, then select it and click Terminate. You can also choose to revoke access to your connected apps if you've granted permission to them previously.
Note: If your organization administrator has enabled custom SSO authentication for your account, then you won't be allowed to change your password. Contact your administrator for more information.
In addition to securing your Zoho account via passwords and multi-factor authentication, there is a slew of measures you can follow to ramp up your account security.
Allowed IP address
The Allowed IP address is an IP address or a range of IP addresses you can set up for your Zoho account to restrict account access. Once configured, you will not be able to sign in to your account via a different IP address.
To set up an allowed IP address for your Zoho account:
- Sign in to your Zoho account.
- Click Allowed IP Address under Security.
- Click Add Allowed IP Address.
- You can either select your current IP address, or manually enter the IP address that is allowed to access your Zoho account. You can also choose a range of IP addresses as allowed IP addresses.
- Click Next.
- Optionally, you name the IP address, then click Add.
Make sure that the IP address you provide is a static IP address. The dynamic IP addresses change and you might get locked out of your account.
To disable IP restriction for your Zoho account:
- Sign in to your Zoho account via the IP address you have configured.
- Click Allowed IP address under Security.
- Click the IP address you want to remove, then click Delete.
Application-Specific Passwords
Application-specific passwords are 12-character passcodes that give an app permission to access your Zoho Mail from various email clients (such as Microsoft Outlook, Mozilla Thunderbird, etc.), Jabber clients, and standalone applications.
If you have enabled multi-factor authentication (MFA):
- You cannot use your Zoho account password directly to access POP/IMAP email clients.
- You must use an application-specific password to access those applications. This is because even if the email client is compromised, you can still protect your Zoho account by revoking the application-specific password you generated for the email client.
We recommend using application-specific passwords for your email clients even if you haven't enabled MFA for your Zoho account.
To generate an application-specific password for your Zoho account:
- Sign in to your Zoho account.
- Click Application Specific Passwords under Security.
- Click Generate New Password.
- Enter a name for the application you want to create a password for, then click Generate.
- Make a note of the generated password, as for security purposes it will not be displayed again.
To use this password and sign in to your client app, simply enter this password in your client instead of your account password. Your username remains the same.
Device Sign-ins
Device Sign-ins provides you a list of devices you have used to sign in your Zoho account. Each device in the list will provide you information, such as the name of the browsers you've signed in and the time of the account sign in.
To remove a browser session from your device:
- Sign in to your Zoho account.
- Click Device Sign-ins under Security.
- Click the device you want to view.
- Click
of the browser you wanted to remove.
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
New to Zoho Survey?
Zoho Sheet Resources
Zoho Forms Resources
New to Zoho Sign?
Zoho Sign Resources
Sign, Paperless!
New to Zoho TeamInbox?
Zoho TeamInbox Resources
New to Zoho ZeptoMail?
Zoho DataPrep Resources
Design. Discuss. Deliver.
New to Zoho Workerly?
New to Zoho Recruit?
New to Zoho CRM?
New to Zoho Projects?
New to Zoho Sprints?
New to Zoho Assist?
New to Bigin?
Related Articles
You're not allowed to sign in using this IP address.
What happened? You will encounter this error if IP restriction is enabled for your account and you are trying to access your account from an IP address which is not allowed. When IP restrictions are enabled for your account, you can access your ...How to remove IP restriction
Prerequisites Access to a recovery email address or mobile number associated with your Zoho account in order to verify your identity. If you have a recovery device (i.e., OneAuth without MFA enabled), you can also use it verify your identity. If ...IP Restrictions
What is meant by IP address? Internet Protocol address, abbreviated as IP address, is a unique series of numbers used to identify a device or a network. These addresses can be used to know where information is being sent and received over the ...Troubleshoot Sign-in related error messages
Error When will this error occur? How to resolve This account cannot be found. Please use a different account or sign up for a new account. When your account is closed and the email address is no longer active with Zoho, or when you're trying to ...Smart Sign-in using OneAuth
Smart Sign-in is a secure and seamless way to sign-in to your Zoho account just by scanning a QR Code using Authenticator app - OneAuth. No need to type in your username or password. How to use Smart Sign-in Important: You need Zoho's Authenticator ...
New to Zoho LandingPage?
Zoho LandingPage Resources