DoxyChat
Doxy Chat

Password Management

Protect access to your chatbot with a password.

This article is available in: Français

Manage Access Password (Private Mode)

Learn how to set, modify, and understand how the password works for your secured chatbots.

Introduction

When you configure a chatbot in Private Mode, the password becomes the unique key allowing access to your conversation interface. This is an essential feature for protecting sensitive data (HR, technical, strategic) from prying eyes.

This guide explains how to manage this password and what this means for your end users.

Set or modify the password

Password management is done in your chatbot’s security settings.

  1. Go to your Dashboard.
  2. Select the relevant chatbot and click on the Security tab.
  3. Ensure that Visibility is set to Private.
  4. In the Access Password field, enter your new password.
    • Tip: Choose a passphrase or a complex string of characters for maximum security.
  5. Click on Save.

Important: The modification is immediate. If you change the password, all currently connected users will need to enter the new password during their next session to continue chatting.

The User Experience (Visitor Side)

Here is what your users see when they attempt to access your private chatbot:

1. The lock screen

Whether they access via the Direct Link (Hosted Page) or via the Widget on your site, the chat interface is hidden. Instead, they see a clean login screen with your logo and an input field inviting them to “Enter password”.

2. Unlocking

The user types the password you have communicated to them and validates.

  • If the password is incorrect: An error message is displayed, access remains blocked.
  • If the password is correct: The lock screen disappears instantly and gives way to the conversation with the AI.

3. Browsing convenience (Session Token)

To avoid your users having to retype the password every time they send a message or refresh the page, DoxyChat uses a Secure Session system.

  • Once the password is validated, the user’s browser receives a temporary Session Token.
  • This token acts like a digital access badge. As long as it is valid, the user can close the tab, come back later, or change pages without being blocked again.
  • For security, this token has a limited lifespan. Once expired (or if the user clears their cache), the password will be requested again.