Verkada Command Account FAQ

Org Admins do not have the ability to unlock users who have been locked out.

Verkada Support does not have the ability to unlock user accounts. Users must wait the full 15 minutes before they can attempt to log in again.

You need access to that user’s mailbox or add their email address as an alias to your mailbox. Once you have access to their mailbox, request to reset the password to get a password reset link via email. With the password reset link, you can reset the password to their account and log in.

User accounts are locked out after 7 failed attempts.

The lockout period is 15 minutes.

The Verkada new account activation link expires 30 days after the email invite is sent and can only be clicked once.

The password reset link email expires after 24 hours.

Yes. Two-Factor Authentication (2FA) is required for all Org Admins in Command. If not already configured, Org Admins will be prompted to set it up at their next login. This requirement cannot be bypassed.

Yes, they can. Follow the steps outlined in Activate 2FA for Your Command Account.

Verkada Support does not have the ability to disable 2FA for a user.

In Verkada Command, at the bottom left, click the organization where you want to change your password.On the slide-out page, click My Account.Under Security > Password, click Change.a. Enter your current password. b. Enter your new password twice. c. Click Change to confirm.Alternatively, use the password reset link, enter your email address, and click Reset via Email.

Yes, Org Admins can reset Command users’ passwords.

In Verkada Command, go to All Products > Admin.Under Org Settings > Users, select the user whose password you wish to reset.Click on the three dots next to the user’s name and click on Control Login.Click Reset Password. This will log the user out of all existing Command sessions and send them a link via email to reset their password.

The password reset URL is https://command.verkada.com/reset-password.

Verkada Support does not have the ability to set user passwords.

The password must be at least 8 characters, contain one number (0 to 9) and at least one special character; for example, !@#$%&.

The email address is [email protected].

Users cannot reuse any of the last 30 passwords that have been used.

By default, Verkada does not enforce a maximum password age. To enforce this policy, integrate Verkada with SSO or Active Directory through SAML, where password age requirements can be configured.

Credential stuffing is when attackers use passwords leaked in other data breaches to try to access your account.

To keep you safe, Verkada checks every new password against Have I Been Pwned (HIBP) — a trusted database of exposed passwords.

If your chosen password appears in this database, Verkada will block it and prompt you to select a stronger one. For best security, use a randomly generated password.

How it works

Your actual password never leaves Verkada.We create a SHA-1 hash of your password and send only the first 5 characters of that hash to HIBP.HIBP returns a list of possible matches.Verkada checks locally to see if your password is compromised without revealing your password or email address to anyone.

This process keeps your account secure while ensuring your password stays private.