Password rotation

Our password rotation feature forces users to change their Dotdigital password every 90 days.

Laura Russell avatar
Written by Laura Russell
Updated over a week ago

Password rotation can help ensure the security of your account, but it may be that you want to disable this feature so that your account users can retain the same password, and not be forced to change it every 90 days.

Password rotation is not applicable for users logging in through Single sign-on.

Before you start

Things you need to know:

  • For new top-level accounts and their child accounts created after 8 November 2023, password rotation is disabled by default. For new child accounts of parent accounts created before this date, password rotation is enabled by default.

  • To enable or disable password rotation, you must be the account owner, or a managed user with the Can manage account permission enabled.
    โ€‹Learn more in Restrict and grant user access permissions.

  • Password rotation works at an account level. So, where a user has access to multiple accounts, and one or more of these accounts has password rotation enabled, the user needs to update their password on logging in to an affected account for the first time since their password has expired.


A user has access to three Dotdigital accounts:

  • Account A: password rotation disabled

  • Account B: password rotation disabled

  • Account C: password rotation enabled

Itโ€™s been 91 days since the user last updated their password. The user can continue to log in to Accounts A and B without being prompted to change their password. The first time the user logs in to Account C after the 90 day period has passed, they must then update their password to access Account C.

This updated password applies at the user level, so is then also the password that must be used to access accounts A and B from that point on.

Enable or disable password rotation

  1. Expand the User menu and go to Settings > General > Account settings.

  2. Under Security, select or clear the Password rotation checkbox to enable or disable the feature.

  3. Select SAVE SETTINGS.

You can see the last date and time the password rotation setting was updated, and which user updated it.

This information is hidden if the setting has never been changed.


When the password rotation setting is changed for an account, an email notification is sent to the account owner, and any managed users with the Can manage account permission enabled.

Did this answer your question?