Changing your password
When you're already signed in and want to change your password — for regular rotation, because you suspect it's been compromised, or just because — use the change-password flow rather than the forgot-password one.
The change-password flow
- Open your profile from the top-left.
- Navigate to the password-change form. (The exact path depends on the current LedgerBear layout; look for a Change Password option.)
- Enter your current password for confirmation.
- Enter your new password (6–80 characters) twice, to catch typos.
- Submit.
If the current password is wrong, the change is rejected and nothing happens. The correct password is required as proof that the person hitting the button is actually you.
Why not just use "Forgot your password?"
You could — it works — but change-password is cleaner when you're already signed in:
- No round-trip through email.
- Immediate effect.
- Doesn't rely on your email inbox being available.
Forgot-password is for when you can't sign in at all. Change-password is for when you can.
What happens to your other sessions
Changing your password invalidates every session tied to your user except the one you just used to make the change. If you were signed in on your phone, laptop, and desktop, the laptop (where you changed the password) stays signed in with the new session, but the phone and desktop are signed out and will require the new password on their next action.
If someone had your old password, they're out now.
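The behaviour described above (current-password check, the 6–80 character rule, and signing out every other session), sketched as an added example; this is not LedgerBear's code. The `AccountStore` class, its method names, the in-memory dictionaries and the use of scrypt are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MIN_LEN, MAX_LEN = 6, 80  # length limits stated on this page

def hash_password(password: str, salt: bytes) -> bytes:
    # scrypt is an assumption; the page does not say how passwords are stored.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

class AccountStore:
    """Hypothetical in-memory stand-in for a user table and a session table."""

    def __init__(self):
        self.users = {}     # user -> (salt, password hash)
        self.sessions = {}  # session token -> user

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, hash_password(password, salt))

    def sign_in(self, user, password):
        salt, stored = self.users[user]
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user
        return token

    def change_password(self, token, current, new, confirm):
        """Return a fresh session token on success, None if rejected."""
        user = self.sessions.get(token)
        if user is None:
            return None  # caller is not signed in
        salt, stored = self.users[user]
        if not hmac.compare_digest(stored, hash_password(current, salt)):
            return None  # wrong current password: nothing changes
        if new != confirm or not MIN_LEN <= len(new) <= MAX_LEN:
            return None  # typo check and length rule
        new_salt = secrets.token_bytes(16)
        self.users[user] = (new_salt, hash_password(new, new_salt))
        # Drop every session for this user, including the requesting one...
        for t in [t for t, u in self.sessions.items() if u == user]:
            del self.sessions[t]
        # ...then issue a new session so only the requesting device stays signed in.
        fresh = secrets.token_urlsafe(32)
        self.sessions[fresh] = user
        return fresh
```

Revoking the sessions in the same step that stores the new hash is what makes an attacker's existing session stop working as soon as the password changes.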
Choosing a good password
Standard advice applies:
- Longer is better. Use at least 12 characters; 16+ is better.
- Mix it up if you can, but length is more important than character classes.
- Don't reuse a password you use elsewhere — if another site gets breached, attackers try the leaked credentials everywhere.
- A password manager (1Password, Bitwarden, your browser's built-in one) makes unique per-site passwords tractable. Generate one, store it, forget it.
LedgerBear doesn't enforce complexity beyond the 6–80 character length — but that doesn't mean six characters is fine. Pick something a bot can't brute-force in a weekend.
If you can't remember your current password
Use the forgot-password flow instead. That one doesn't require knowing the old password — it works via your email inbox.