Historically the accepted security advice has been to require users to regularly change their passwords. This advice was intended to minimize the time passwords were valid for if they were ever compromised.
The advice backfired; research has shown that regularly requiring password changes leads users to choose weaker passwords that are more likely to be compromised in the first place. Because users constantly had to remember new passwords, they chose ones that were easy to remember.
Modern security advice requires users to change their passwords only when there is reasonable suspicion that a password has been compromised. This relieves the pressure on users to keep memorizing new passwords and lets them instead create and remember longer, more complex passwords.
Unfortunately, you may occasionally find that user accounts are being accessed without authorization. If this appears to be the case for your Slack workspace, you may want to proactively reset everyone’s password.
How to Make Everyone Change Their Passwords on Slack
To force users to reset their Slack password, go into the workspace authentication settings. To get there, click on the workspace name in the top-right corner. Next, in the dropdown menu, select “Settings & administration,” then “Workspace settings” to open the workspace settings in a new tab.
Switch to the “Authentication” tab at the top of the page, then click the “Expand” button for the “Forced password reset” permissions.
Resetting everyone’s Slack password will send every member of your workspace a message from Slackbot. It’ll inform them that they’re required to reset their password and that they’ll receive a password reset email shortly.
Signing Everyone Out
You can also choose to sign everyone out of Slack until they change their password. To sign all users out, click in the dropdown box and select “Sign everyone out of all apps (<number of members affected>)” to terminate everyone’s sessions immediately and send the password reset email. To send only the Slackbot message and password reset email without signing everyone out, select “DO NOT sign everyone out of all apps” in the dropdown box.
Tip: If you’re selecting the option to sign everyone out of their accounts, you may want to ensure users know what’s happening beforehand. Realistically, if a corporate workspace resets all passwords and disconnects everyone’s session, the helpdesk will get a lot of calls from confused users. The helpdesk should be made aware of the situation as soon as possible so they can point users towards checking their emails and resetting their password.
Once you’ve made your selection, click “Reset passwords for all workspace members.” Then click “OK” in the confirmation prompt.
Note: You don’t have to re-enter your password for this action to take effect.
If you’ve noticed a pattern of unauthorized access to Slack accounts in your workspace, you may want to reset everyone’s Slack password to be safe. By following the steps in this guide, you can force all your workspace members to reset their Slack password.