We are implementing new password requirements to ensure everyone's password is secure. The next time you have to log in, you will be prompted to change your password.

New passwords must contain:

At least 8 characters
At least one upper and one lower case character
At least on number
At least one special character.
No more than three consecutive instances of any one character.
If you prefer to use a passphrase, you can choose a phrase that meets just two requirements. Passphrases must be:

At least 20 characters long
No more than three consecutive instances of any one character.

When will I have to change my password?

Changing your password will be mandatory the next time you log in. If you are already logged in, you will be asked to change your password once your current session expires, this is typically 14 days from the last time you logged in.

You can also pro-actively change your password by going to Settings > Your Profile> Passwords & Credentials.

Can I re-use an old password?

No, unfortunately, we don't allow re-used passwords.

Why can't I keep my existing password if it meets the new requirements?

Your password is stored as a salted hash using asymmetric encryption. This means that once your password is saved to our database, we have no way of decoding and examining your password. This is good from a security standpoint because it protects your password from prying eyes. The flip side is that there is no way for us to see if your old password meets the requirements that we are implementing in this latest release.

If you can't tell whether my old password meets the requirements, how can you tell if my new one does?
New passwords can be checked by the server against new password requirements before they are hashed and saved to our database. Once they are saved, passwords become salted hashes that cannot be decoded and we can no longer check them; we can however trust that the new server functionality did its job before hashing and saving your password.

These changes to our password requirements help comply with security best practices that a number of our customers have been asking for. We understand that passwords are messy and hard to remember but a chain is only as strong as its weakest link, which is why these changes had to be implemented across all of our users in order to be effective.

1) Manage your account password

You created your password after being invited to join a company account. To edit your password, simply click on the “Change your password” button on this page.

Settings > Your Profile > Password & Credentials

If you have any problems with changing your password, please contact support.

2) Manage your Two-Factor Authentication

You might have the option to turn on or off your authentication, however, it depends on if the company account has turned it on for you. If the company has all users turned on, you will not be able to turn it off. However, you do have the option to create a new secret key or update your phone number on this page.

Settings > Your Profile > Password & Credentials

Please see the full article for Two-factor authentication (2FA) if you have any questions
​https://snuggpro.com/help/article/two-factor-authentication

3) Manage your HES User ID for DOE Home Energy Score

Your HES assessor ID and HES assessor password are required to authenticate to the DOE when obtaining a Home Energy Score in Snugg Pro.

Settings > Your Profile > Password & Credentials

The password is the same password you use to log onto the Home Energy Score Administration Tool.

It will be encrypted and saved for the purpose of authenticating you when obtaining a Home Energy Score.

If you don't know or forgot your password you can request a new one from the DOE.