Change Your Own TrekMail Mailbox Password

If you have a mailbox on TrekMail (e.g. alice@yourcompany.com) and you're not the account admin, you can still change or reset your own mailbox password without asking the admin. This guide walks through the three self-service paths plus what to do if you've lost all access.

This is the mailbox password — what you use to sign in to webmail or set up the mailbox in Outlook, Apple Mail, your phone, etc. It's different from the TrekMail dashboard password (which the account owner manages). If you're the account owner, see Changing Your Account Password instead.

Before you start

You need one of the following:

• Your current mailbox password (you remember it, just want to change it).
• A recovery code (a one-time access code or legacy recovery code, issued when you set up the mailbox via invite or generated by your admin).
• A recovery email configured on your mailbox (set during mailbox creation or in webmail settings).

If you have none of these, your account admin needs to reset the password — see "What if you have nothing" at the bottom.

Where to go

Open the mailbox password reset page:

• Standard TrekMail webmail: https://webmail.trekmail.net/password-reset — or click Forgot password? on the regular webmail login screen.
• White Label Lite branded webmail: if your provider runs TrekMail under their own brand, use their branded URL (e.g. app.yourbrand.com/mail/password-reset). The reset form lives there too with their brand applied.

The page shows a single form with three mode buttons at the top: Current password, Recovery code, Recovery email. Pick the mode that matches what you have.

Path 1 — Change with your current password

Use this when you remember your current password and just want to set a new one.

1. Select Current password mode.
2. Enter your Email address (e.g. alice@yourcompany.com).
3. Enter your Current Password.
4. Enter your New Password twice. Requirements:
   • At least 12 characters.
   • At least one uppercase letter.
   • At least one lowercase letter.
   • At least one number.
5. Click Update Password.

All four requirements show as live green checks as you type — the Update button only enables once they're all met. The new password becomes effective on IMAP/SMTP immediately. Every existing session for this mailbox is terminated; any client still using the old password (Outlook, iPhone Mail, scripts) will fail authentication until you update it there too.

Path 2 — Reset with a recovery code

Use this when you've forgotten your current password but you have a recovery code (either a one-time access code emailed to you, or a long recovery code given when the mailbox was first set up).

1. Select Recovery code mode.
2. Enter your Email address.
3. Paste the Recovery code exactly. They're typically 16-32 characters with letters and numbers.
4. Enter your New Password twice (same rules as above).
5. Click Reset Password.

The code is consumed on use — single-use. After this reset, the same code won't work again. If you'll need to reset again later, ask your admin to issue a new code.

Path 3 — Reset via recovery email

Use this when:

• You've forgotten your current password.
• You don't have a recovery code.
• But you DO have a recovery email configured on your mailbox.

1. Select Recovery email mode.
2. Enter your TrekMail Email address.
3. Click Send reset link.
4. The page always shows "We sent a link to your recovery email" regardless of whether a recovery email is actually configured — this is intentional to prevent attackers from probing for valid mailboxes.
5. Check the inbox of your recovery email. If one is configured, you'll get a password-reset link within a minute.
6. Click the link in that email. You'll land on a page to set a new password.
7. Enter your new password twice. Submit.

The link expires after a short window (typically 60 minutes). Use it promptly.

What changes after a reset

• All webmail and IMAP/SMTP clients stop working with the old password.
• Update each connected client (Outlook, Apple Mail, your phone) with the new password. Until you do, they keep failing authentication.
• Your emails, folders, mail rules, auto-replies, contacts are all preserved. Only authentication credentials change.
• Any active webmail sessions are NOT automatically signed out — they continue running with the old session token until it expires naturally (typically a few weeks of inactivity). If you suspect someone else has access, change the password AND clear active sessions from webmail settings if your version exposes that option.

Common errors

"Invalid credentials. Please check your email and password."

Either the email doesn't exist, or your current password is wrong. The error message is intentionally vague — it doesn't tell attackers whether the mailbox exists.

If you're sure the email is right, the issue is the password. Try a recovery code or recovery email instead.

"Invalid credentials. Please check your email and access code."

The recovery code is wrong, already used, or expired. Codes are single-use; if you've used this one before, it's gone. Ask your admin to issue another.

"Password too weak" / "Password has been compromised"

Two flavours:

• Too short or missing complexity: at least 8 chars, mixed case, and at least one digit. Add what's missing.
• Compromised: the password you're trying to set is in the public list of breached passwords (Have I Been Pwned). Pick a different one. This is a security feature — even if you change to a strong-looking password like Password123, if it's been seen in breaches, we refuse it.

"Password could not be updated. Please try again or contact support."

Internal failure during the sync to the mail server. Usually transient — wait a minute and retry. If it persists, your account admin can reset directly from the dashboard.

"Too many attempts. Please try again later."

We rate-limit reset attempts per email and per IP to prevent brute-forcing. If you've tried 5+ times in a short window with the wrong password or code, wait ~15 minutes before trying again.

What if you have nothing — no password, no code, no recovery email

Your account admin (the person who created the TrekMail account that owns your mailbox) needs to reset the password for you. They have two options:

• Direct reset in their dashboard: Mailboxes → your mailbox → Change Password. They give you the new password securely.
• Issue a one-time access code for you to use via Path 2. They give you the code; you do the rest yourself.

If you don't know who your account admin is, contact whoever set up your email account at work or via the service that gave you the mailbox. TrekMail support can't reset mailbox passwords on behalf of mailbox users without account-owner authorisation — we need the account holder's consent before touching their data.

Security tips

• Use a password manager (1Password, Bitwarden, iCloud Keychain, etc.) to store strong passwords. Don't memorise — that pushes you toward weak passwords.
• Don't reuse your TrekMail mailbox password elsewhere. If another service is breached, the password lands in compromised-password lists and we'll refuse it on next change.
• Watch for phishing. Real TrekMail reset emails come from noreply@trekmail.net (or your provider's branded domain if they use White Label Lite). Always check the From address. We never ask you to "verify your password" via email.
• Keep recovery codes safe. If your admin gives you a code, store it in your password manager — don't email it to yourself in plaintext.