If a user forgets the password for their managed Google account (for example, their G Suite or Cloud Identity account), or if you think their account has been compromised, you can reset their password from the Google Admin console.

These steps don't apply if your account uses single sign-on (SSO) with a third-party identity provider.

Change a password

Reset a user's password

As an administrator, you can reset users' passwords to maintain account security. To do so, you must be signed in with an administrator account that has.

To reset a user's password:

1. In your Google Admin console (at admin.google.com)...
2. Go to Users.
3. In the Users list, find the user.
4. Hover over the user you want to reset the password for and click Reset password at the right.

You can also find this option on the left of the user's account page.

1. Choose to automatically generate the password or enter a password.
   By default, password minimum length is 8 characters. You can change password requirements for your organization.
2. (Optional) To view the password, click Preview .
3. (Optional)To paste the password somewhere, such as in a Google Chat conversation with the user, click to copy password.
4. To email the password to the user, click Email Password, or click Done.

Reset an administrator's password

To reset the password of another administrator, you must have Super Admin privileges. If you have Super Admin privileges, follow the same steps as above for resetting a user's password.

If you can't sign in to the Admin console and need to reset your own administrator password, go to Reset your administrator password.

After changing a password

A user whose password has been reset is signed out of any active sessions, and has to sign in again using their new password. To regain access:

1. Google web apps (such as Gmail or Google Drive): the user has to sign in again with their new password, as they would after a session timeout.
2. Google apps on Android: the user is notified they need to verify their identity by signing into their account. Already synced data—for example, received Gmail—is still accessible, but no new emails can be sent or received until the user signs in again. 
3. Google apps on Apple^® iOS^®: The user's Google account is removed from the account list. The user has to add their account again, then sign in with their new password.
4. Third-party apps connected via OAuth: Third-party mail apps like Apple^® Mail^® and Mozilla^® Thunderbird^®―as well as other applications that use mail scopes to access a user's mail―will stop syncing data after a password reset, until a new OAuth 2.0 token is granted. A new token is granted when the user signs in with their Google account username and new password. For details, go to Automatic OAuth 2.0 token revocation.
5. Third-party that require application-specific passwords (ASPs): When 2-Step Verification is in use, application-specific passwords (ASPs) may be required to use legacy applications that don't support OAuth. After a password reset, all ASPs are revoked and need to be regenerated. For details, go to Sign in using App Passwords.