Reset or Change Fieldworker Passwords in OctopusPro
Keeping sign-in credentials up to date—and easy to recover—protects your entire field-service operation. OctopusPro lets admins change a fieldworker’s password in seconds, allows workers to manage their own credentials from either the mobile app or a browser, and supplies a secure “Forgot password” flow that follows OWASP & NIST guidelines. Every reset is stamped in the user’s activity log for auditing and payroll compliance.
Why secure, flexible password control matters
| Benefit | How OctopusPro delivers |
|---|---|
| Operational uptime | Admins can impersonate (“Login as user”) or reset passwords instantly, preventing missed jobs. |
| Audit & compliance | Each reset is written to the user’s Activity Log, satisfying ISO, SOC 2, and internal audit policies. |
| Worker self-service | Mobile “Change Password” keeps contractors productive without office calls. |
| Security | Email-verified accounts, strong-password rules (≥12 chars, no complexity dead-ends), and single-use reset links align with OWASP & NIST recommendations. |
Admin: change a fieldworker’s password
| Path | Steps |
|---|---|
| A. From Fieldworker list | Fieldworkers → ⋯ Actions → Change password → enter & confirm new password → Save 
|
| B. From Fieldworker profile | Fieldworkers → ⋯ Actions → Change password → enter & confirm new password → Save
|
| C. From User settings | Settings ▸ Company Settings ▸ Users → ⋯ Actions → Change password |
| Results | Fieldworker receives an email notification; entry appears in Activity Log; admin remains logged in as self. |
Tip: Use the “Login as this user” command when you must troubleshoot without changing their credentials first.
Fieldworker self-service
| Surface | How to reach | Flow |
|---|---|---|
| Web | Profile drop-down ▸ Change my password |
Enter old password → new password (twice) → Save |
| Mobile app | ☰ Menu ▸ Change password |
New password → confirm → Confirm |
If the worker’s email is unverified, OctopusPro prompts an email-verification step before allowing the change, blocking account takeovers.
Forgotten password workflow
- Click Forgot your password? on the login page (web or app).
- Enter account email → Reset.
- Worker receives a time-limited, single-use link.
- Follow link, create new password, sign in.
The reset link expires in 60 minutes and becomes invalid after first use, eliminating replay risk.
Security best practices
- Minimum 12 characters; phrases preferred over complexity.
- “Remember me” checkbox uses secure cookies scoped to device; avoid on shared computers.
- Enforce periodic resets via Automations if required by your industry policy.
- Use Activity Log filters (Security Events) to audit password changes company-wide.
Examples & use cases
| Scenario | Outcome |
|---|---|
| Contractor phones dispatch—forgot password 30 min before job | Admin uses path A, sets a temporary pass, texts worker; job proceeds on time. |
| Seasonal workforce returns | Bulk-activate users, send mass “Reset your password” email via canned response; audit trail confirms completion. |
| Security audit requests evidence | Export Activity Log → filter password_change; provide CSV with timestamps & admin IDs. |
What’s next?
Review Automations ▸ Security to schedule periodic password-expiry reminders, and see User Roles & Permissions for tightening access scopes.
To stay updated, please subscribe to our YouTube channel.