Skip to content

Change password and sessions

Open Settings, then Security. Password and session actions affect the current account only and require authenticated backend authorization.

Typical time
5–10 minutes
You need
Current password and enrolled factor
Outcome
Rotated credentials or revoked sessions
  1. In Active sessions, review each device label, last-active time, expiry, and the Current marker.
  2. Choose Refresh to request the latest bounded inventory.
  3. Treat unfamiliar sessions as a security event.

The list is read-only until you choose a sign-out action. Never capture session identifiers or use device labels as proof of a person’s identity.

Security 1 of 5 · Screenshot placeholder

Review browser sessions

Show Active sessions, Current marker, synthetic device labels, Refresh, Sign out, and Sign out all.

Future capture briefUse synthetic devices and redact timestamps if identifying. Never show session IDs, IP data, tokens, cookies, user agents, or real locations.

Every expected browser appears once and the current session is clearly marked.

  1. Choose Sign out beside the exact session.
  2. Review Sign out this session?.
  3. Choose Sign out session.
  4. If you revoked the current session, sign in again.
  5. Otherwise wait for refresh and confirm the selected session disappeared.

Revocation is immediate and destructive to that browser’s access. It does not delete the account or revoke other sessions.

  1. Choose Sign out all.
  2. Review Sign out everywhere?.
  3. Choose Sign out all sessions.
  4. Expect every browser, including the current one, to require sign-in.

Security 2 of 5 · Screenshot placeholder

Confirm session revocation impact

Show the single-session and sign-out-everywhere confirmations as separate safe captures.

Future capture briefUse synthetic device labels. Hide account identity, session IDs, IPs, tokens, cookies, browser fingerprints, and location data.

The affected browser can no longer use its previous session. A UI notification alone is not enough; the revoked browser must be challenged on its next request.

  1. In Change password, choose Open password change.
  2. Enter Current password.
  3. Enter New password and satisfy every displayed requirement.
  4. Enter Confirm new password exactly.
  5. If two-factor is enabled, choose Verification method: Authenticator app, Email code, or Recovery code.

Security 3 of 5 · Screenshot placeholder

Prepare an authenticated password rotation

Show Current password, New password, Confirm new password, password requirements, Verification method, and Change password.

Future capture briefKeep all passwords and factors empty or masked. Exclude identity, recovery codes, tokens, sessions, browser storage, and password-manager overlays.
  • For Authenticator app, enter the current Authenticator code.
  • For Email code, choose Send verification code, enter the Email verification code, then choose Confirm code.
  • For Recovery code, enter one unused Recovery code.

Each proof is scoped to this password change. Do not reuse or share it.

  1. Choose Change password.
  2. Review Change password and sign out everywhere?.
  3. Choose Change password and sign out.
  4. Wait for the sign-in page.
  5. Sign in with the new password and an available second factor.

Changing the password also invalidates every active browser session.

Security 4 of 5 · Screenshot placeholder

Confirm password change and global sign-out

Show the warning title, impact message, cancel action, and Change password and sign out.

Future capture briefUse no real account data. Hide passwords, factor values, session details, tokens, cookies, and browser storage.

The old password and old sessions no longer authenticate. The new password works only with the account’s current sign-in policy.

Open your profile menu and choose Sign out. ScrinCloud saves an allowed session-state snapshot, sends a backend logout request, clears in-memory authentication, and returns to sign-in. This affects the current browser only; use Sign out all for every session.

Security 5 of 5 · Screenshot placeholder

Confirm the signed-out state

Show the public Sign in page after current-session or global sign-out.

Future capture briefHide profile identity, session state, return paths, tokens, cookies, storage, notifications, and tenant content.

Choose Refresh once. If it still fails, preserve the visible error and use verified support. Do not infer that sessions are absent.

Confirm you selected the correct device and that the browser made a new request. Escalate unexpected continued access as a security incident.

Complete current password, password policy, exact confirmation, and any required fresh factor proof.

That is the intended outcome of password change and Sign out all. Start a fresh sign-in; never try to restore an old cookie or token.