Your email password is the single most important credential protecting your business communications. If it is weak, reused, or has not been changed in years, your inbox and everything in it (invoices, contracts, customer details, password reset emails for every other service you use) is at risk. The good news is that changing your password in cPanel takes less than two minutes once you know where to click.
This guide walks you through the complete process step by step. You will also learn when to change your password, how to choose a strong one, and what to do in your email apps (Outlook, iPhone, Android) immediately after the change so you do not lose access.
When You Should Change Your Email Password #
You do not need to change your password on a fixed schedule. Modern security guidance has moved away from “rotate every 90 days” because it tends to push people toward weaker, predictable patterns. Instead, change your password whenever any of these situations apply:
- You suspect your account has been accessed by someone else (unfamiliar sent items, password reset emails you did not request, login alerts from unfamiliar locations)
- An employee or contractor with access to the email has left your company
- You used the same password on another service that has been breached (check via Have I Been Pwned)
- You logged in on a public computer, hotel Wi-Fi without a VPN, or a device you no longer trust
- You have been receiving unusual amounts of spam that suggest your email is being spoofed (see our guide on spoof emails)
- The current password is short, simple, or shared between accounts
- You are setting up the email for a new owner or a new device and want a clean reset
Before You Start #
To change an email account password, you need:
| What You Need | Details |
|---|---|
| cPanel access | The login credentials for your hosting account’s cPanel. Provided by AEserver in your welcome email or available from the client area at my.aeserver.com. |
| A modern web browser | Chrome, Safari, Firefox, or Edge. Update to the latest version to avoid display issues. |
| A safe place to store the new password | A password manager is strongly recommended (Bitwarden, 1Password, iCloud Keychain, or Google Password Manager). Never store passwords in plain text files or sticky notes. |
| Access to your email apps | After you change the password, you will need to update Outlook, Apple Mail, your phone, and any other clients connected to this account. Plan a few minutes for this. |
Step-by-Step: Change Your Email Password in cPanel #
Log In to Your cPanel Account #
Open your web browser and go to your cPanel URL. For most AEserver customers this is https://yourdomain.ae:2083 or https://yourdomain.com/cpanel. You can also access cPanel through the AEserver client area at my.aeserver.com by clicking your hosting service and choosing “Login to cPanel”.
Enter your cPanel username and password and click Log In. If you have forgotten your cPanel password (which is different from your email password), use the password reset link or contact AEserver support.
Open the Email Accounts Section #
Once you are logged in to cPanel, scroll down to the “Email” section and click Email Accounts. You can also use the search box at the top of cPanel and type “email accounts” to jump straight to it.
Find the Email Account and Click Manage #
You will now see a list of every email address that has been created on this hosting account. Find the address whose password you want to change. To the right of that row, click the Manage button.
Set the New Password #
On the Manage page you will see a section called “Security” with a “New Password” field. You have two options here.
📋 Method 1: Generate a Strong Password Automatically (recommended) #
Click the Generate button next to the password field. cPanel will create a long random password using letters, numbers, and symbols. This is the safest option because the password will be far stronger than anything most people invent themselves.
A small popup will appear showing the generated password. Copy it immediately and paste it into your password manager. You will not be shown this password again after you save the form, so make sure it is stored before you continue.
📋 Method 2: Enter Your Own Password Manually #
If you prefer to set your own password, simply type it into the “New Password” field. cPanel will show a strength indicator (Very Weak, Weak, Moderate, Strong, Very Strong). Aim for “Very Strong” at minimum. See the password best practices section below for guidance.
(Optional) Adjust Password Complexity Settings #
If you want to customize how the auto-generator creates passwords (length, whether to include symbols, etc.), click the gear or “more options” icon next to the Generate button. You can change:
- Length: default is 12 characters. Increase to 16 or 20 for sensitive accounts.
- Letter case: use both uppercase and lowercase
- Numbers: include digits 0 to 9
- Symbols: include special characters like ! @ # $ %
Click Generate again after changing settings to create a new password matching your rules.
Save the New Password #
Scroll to the bottom of the Manage page and click the Update Email Settings button. cPanel will confirm the change with a success message at the top of the screen.
That is it. The new password is active immediately. The old password is no longer valid for any login attempt, including webmail, mobile apps, and desktop email clients.
Update Your Email Apps After Changing the Password #
Once you change the password in cPanel, every device that connects to this email account will stop working until you update the password there too. This applies to phones, tablets, laptops, and any third-party app that has been authorised on the account.
| Email App | Where to Update the Password |
|---|---|
| Outlook (Windows) | File, Account Settings, Account Settings, double-click the account, enter the new password, Next, Done. |
| Outlook (Mac) | Outlook menu, Settings, Accounts, select your account, update the password field, close window. |
| Apple Mail (Mac) | Mail menu, Settings, Accounts, select account, click Server Settings, update password for both incoming and outgoing servers. |
| iPhone or iPad | Settings app, Mail, Accounts, select account, tap account name, update password. You may need to do this for both IMAP and SMTP. |
| Android (Gmail app) | Open Gmail, tap profile picture, Manage accounts on this device, select account, when prompted, enter the new password. |
| Android (Samsung Email or other) | Open the email app, Settings, select account, Server settings or Sync settings, update password. |
| Thunderbird | When prompted with authentication error, enter the new password and check “Use Password Manager to remember this password”. |
| cPanel Webmail (Roundcube, Horde) | No update needed. Just log in with the new password at the next session. |
How to Choose a Strong Email Password #
If you choose to set your own password instead of using the generator, follow these rules. Each one closes a real attack vector that has compromised email accounts in the UAE.
| Rule | Why It Matters |
|---|---|
| At least 14 characters long | Brute force attacks crack short passwords in hours. Each extra character multiplies the time exponentially. |
| Mix uppercase, lowercase, numbers, and symbols | Variety dramatically increases the size of the search space attackers must try. |
| No dictionary words, names, or dates | “Dubai123!”, company names, your name, your birthday, your kid’s name, your phone number, all are tried in the first thousand attempts. |
| Unique to this account | If reused, one breach exposes every account using the same password. Email is especially dangerous because it controls password resets for everything else. |
| Stored in a password manager | You cannot remember a strong unique password for every account, and you should not have to. Password managers solve this. |
| Not shared via email, SMS, or chat | If you must share with a colleague, use a password manager’s secure sharing feature or a one-time secret link service. |
Troubleshooting Common Issues #
“Authentication failed” errors after the change #
Expected behaviour. Every email client that was connected to the account needs the new password. Open each app and update the password using the table above. If errors persist after updating, double-check that you typed the password correctly (no leading or trailing spaces from copy-paste).
The new password is rejected as “too weak” #
cPanel enforces a minimum strength score. Increase the length, add symbols, and avoid dictionary words. Or simply click Generate to create a password that automatically meets the requirements.
I cannot log in to webmail with the new password #
First, make sure you are using the full email address (you@yourdomain.ae), not just the username. If still failing, wait two to three minutes for the change to propagate across all webmail front-ends, then try again. If the issue continues, the password may have characters that are not being entered correctly, change it once more using only standard characters.
Emails are not sending after the password change #
Sending uses a separate connection (SMTP) from receiving (IMAP or POP). Some apps store the SMTP password separately. Check your outgoing mail server settings and update the password there as well.
I changed the password but I am still receiving spam complaints #
If your account was sending spam, simply changing the password may not be enough. Check the email account for unauthorised forwarding rules, app passwords, or third-party connected services that the attacker may have set up. Review our guide on protecting your inbox and consider enabling DMARC Force for your domain.
I forgot the cPanel password itself #
The cPanel password is separate from your email passwords. To reset it, log in to your AEserver client area at my.aeserver.com, go to your hosting service, and use the “Change Password” option. If you cannot access the client area either, contact AEserver support with proof of identity.
Frequently Asked Questions #
How often should I change my email password? #
There is no fixed schedule. Change immediately if you suspect compromise, after employee departures, or if the password has been used on another service that was breached. A strong, unique password kept in a password manager and protected by a secure account does not need routine rotation.
Will changing my email password log me out of cPanel? #
No. The email account password and your cPanel login password are completely separate. Changing one does not affect the other.
Can I change the password for multiple email accounts at once? #
cPanel does not have a true bulk password change feature, but you can quickly update accounts one after another from the Email Accounts page. For 10 or more accounts, contact AEserver support, our team can run the change for you.
What is the maximum password length cPanel allows? #
cPanel supports very long passwords (up to several hundred characters). The practical limit is your password manager and any email client that may have a shorter input field. 20 to 30 characters is more than enough for serious security.
Will my old emails be deleted when I change the password? #
No. The password change is purely a credential update. All your existing emails, folders, contacts, and settings remain exactly as they were.
Should I enable two-factor authentication on my email? #
cPanel email accounts use the standard IMAP/POP/SMTP protocols, which do not natively support 2FA in the way web apps do. For maximum protection, enable 2FA on cPanel itself (which controls the account where emails live) and consider switching critical accounts to Microsoft 365 or Google Workspace, which support full 2FA at the app level.
My phone keeps asking for the password even though I entered it correctly #
Some phones cache the old password aggressively. Try deleting the email account from the phone (this does not delete emails from the server) and adding it back with the new password. Your inbox will reload from the server.
Can AEserver tell me my current password if I forgot it? #
No. Email passwords are stored as one-way hashes, even AEserver staff cannot see the original password. The only way forward when you forget is to set a new one using this guide.
Summary #
- Log in to cPanel using your hosting credentials, not your email credentials.
- Open Email Accounts in the Email section of the cPanel dashboard.
- Click Manage next to the email address you want to update.
- Set the new password, either by clicking Generate (recommended) or entering one manually that is at least 14 characters with mixed character types.
- Save it in a password manager immediately before clicking Update.
- Click Update Email Settings at the bottom of the page to apply the change.
- Update every connected app: Outlook, Apple Mail, iPhone, Android, Thunderbird. The old password no longer works anywhere.
- If you suspected a compromise, also review forwarding rules, app passwords, and consider enabling DMARC and additional security layers.
The whole process takes about two minutes in cPanel and another five minutes to update your devices. If you run into any issues, our support team is available 24/7 through chat, email, and phone.
