
How to set up your password on Zerodha

From WebNotes, a public knowledge base. Reading time ~8 min. Level: Beginner.

Zerodha never sends you a ready-made password. When your account opens, the welcome email from welcome@zerodha.com carries your 12-character user ID and a link to set the password yourself, nothing more. The absence of a password in that email is the design, not a delivery failure. This guide walks the first-login setup: opening the welcome email, creating the password, and configuring the 6-digit PIN or TOTP authenticator that the SEBI two-factor rule makes compulsory on every Kite login.

The setup runs from the Kite web login page at kite.zerodha.com. It takes about five minutes. Once done, the same password works across every Zerodha surface (Kite, Console, and the Coin app), because Zerodha uses a single credential set for all of them. There is no separate password to set per platform.

Conflict-of-interest disclosure. This guide is published by the WebNotes Editorial Team for informational purposes and is written independently. WebNotes operates a Zerodha account-opening referral programme, disclosed on the pages that carry the referral link; this guide does not carry it and earns no referral commission from the procedure described here.

Step-by-step procedure

The numbered steps below give the sequence and expand the two parts that trip people up: why no password arrives, and the two-factor choice between a PIN and a TOTP app.

1. Open the welcome email

After your account-opening forms are processed with the e-signature, Zerodha sends a welcome email from welcome@zerodha.com. The subject line reads "Welcome to Zerodha". The body shows your 12-character user ID, the alphanumeric code such as AB1234 that identifies your account on the exchanges. It does not contain a password. If you have searched the email for one and found none, you have not missed anything; read why the welcome email has no password for the reasoning. Should the email not arrive, check the spam folder, then confirm the account-opening status before treating it as a problem.

2. Click Login now and create your password

Click the Login now link in the welcome email. It opens kite.zerodha.com on the password-creation screen, already keyed to your user ID, so you do not type the ID at this stage. Enter a password that clears the on-screen strength meter, then confirm it. Zerodha enforces a minimum length and a mix of character types at creation. Choose a password you use nowhere else: this single string, together with the second factor, is what stands between an attacker and your funds and demat account holdings. Read the Zerodha client password policy for the full rule set and the no-sharing requirement.

3. Set up two-factor authentication

Immediately after the password, Zerodha requires you to set a second factor. You pick one of two methods. The first is a 6-digit PIN that you choose and memorise; you enter it after your password on every login. The second is an external TOTP authenticator: select External authenticator, scan the QR code into Google Authenticator, Authy, or a similar app, and from then on you read a rotating 6-digit code from the app at login. TOTP is the more resilient choice if you ever lose your registered mobile, because an app like Authy backs the token up across devices, whereas SMS OTP depends on the phone you hold. See how to set up TOTP on Zerodha for the full TOTP path. Either factor satisfies the SEBI two-factor authentication requirement.

4. Enable device lock and log in

If you set up through the Kite mobile app, enable the device lock when prompted, a screen-lock PIN, pattern, or biometric tied to your phone. Device lock has been mandatory for Kite app login since 23 September 2022, the date Zerodha enforced it to comply with the SEBI 2FA circular. Read how to enable device lock on Kite and how to enable biometric login on Kite for those settings. Then log in: enter your phone number or user ID, the new password, and the 6-digit PIN or app code within five minutes. A clean login confirms the whole setup worked.

Password rules and the no-sharing policy

Zerodha sets a password strength rule at creation: the field rejects a password below the minimum length or one that lacks a mix of letters, numbers, and a symbol. The exact threshold is enforced on screen, so follow the meter rather than guessing. The deeper rule is policy, not software. Zerodha’s client password policy states that you must never share your password with anyone, including Zerodha staff, and that no representative will ever ask for it. A request for your password is a fraud signal; read how to verify a Zerodha call if you receive one.

A weak or reused password is the most common single point of failure in a retail trading account, because the second factor only helps if the first one has not already leaked through a breach on an unrelated site. Use a password manager, generate a long random string, and let the manager remember it. This matters more for a trading login than for most accounts, since the credential controls money movement and securities, not just a profile.

One credential set across Kite, Console, and Coin

The password you set at first login is not specific to Kite. Zerodha issues one user ID and one password per client, and the same pair authenticates Kite, Console, and the Coin mutual-fund app. When you log in to Console, you click Login with Kite and enter the very same credentials. There is no separate Console password to set up, and changing your password in one place changes it everywhere. This is why a single strong password and a single well-guarded second factor are sufficient, and why losing control of them compromises every Zerodha surface at once.

What happens if you reset later

The password you create now is not permanent. You can change it whenever you wish through the Forgot user ID or password flow on the login screen: enter your user ID and PAN, receive a one-time password on your registered email or mobile, then set a fresh password. The user ID, by contrast, never changes; see whether the Zerodha user ID can be changed. If you reset the password, Zerodha sends a confirmation by email and SMS, so an unexpected reset alert is worth investigating as a possible unauthorised access attempt. For the complete reset walkthrough, see how to recover a Kite password.

References

  1. Zerodha support, How to set up the Zerodha password? (as of 20 June 2026).
  2. Zerodha support, Why was only the user ID and not the password sent in the welcome email? (as of 20 June 2026).
  3. Zerodha support, How do I log in to the Kite app? (device lock mandatory from 23 September 2022, as of 20 June 2026).
  4. SEBI circular SEBI/HO/MIRSD/DOP/P/CIR/2022/76, dated 3 June 2022, on two-factor authentication for online trading account access.

WebNotes Editorial Team prepares factual how-to guides based on publicly available regulatory documents and broker disclosures. WebNotes is not affiliated with Zerodha Broking Limited. Procedures and screens are subject to change; verify the current flow at support.zerodha.com before acting.

Frequently asked questions

Why did my Zerodha welcome email not contain a password?
Zerodha never sends a ready-made password. The welcome email from welcome@zerodha.com carries only your user ID and a Login now link, so you create your own password. This keeps the password known only to you and is standard practice.
What are the password rules at Zerodha?
Zerodha enforces an on-screen strength requirement at creation: a minimum length with a mix of letters, numbers, and a symbol. Pick a unique password you use nowhere else, since it is the first of two factors guarding your trading and demat account.
Is a 6-digit PIN compulsory at Zerodha?
Yes. A second factor is mandatory under the SEBI two-factor authentication rule. You set either a 6-digit PIN or a TOTP authenticator app during first login, and you enter it after your password every time you log in.
What if the Login now link in my welcome email has expired?
Use the Forgot user ID or password link on kite.zerodha.com instead. Enter your user ID and PAN, receive an OTP on your registered email or mobile, and set your password through the standard reset flow.
Can I use the same password on Kite, Console, and Coin?
Yes, and you must. Zerodha uses one user ID and one password across all its platforms, so the password you set at first login works on Kite, Console, and the Coin app without any separate setup.
How long do I have to enter the 2FA code?
You must enter the 6-digit PIN or the app TOTP within 5 minutes of entering your password. If you exceed the window, the login session times out and you start again from the user ID and password screen.
I forgot the password I just set. What do I do?
Reset it from the login screen. Tap Forgot user ID or password, enter your user ID and PAN, choose to receive an OTP on email or SMS, verify, and set a fresh password. See how to recover a Kite password for the full flow.

Reviewed and published by

The WebNotes Editorial Team covers Indian capital markets, payments infrastructure and retail investor procedures. Every article is fact-checked against primary sources, principally SEBI circulars and master directions, NPCI specifications and the official support documentation published by the intermediary in question. Drafts go through a second-pair-of-eyes review and a separate compliance read before publication, and revisions are tracked against the SEBI and NPCI rule changes referenced in the methodology section.

Conflicts of interest
WebNotes is independent. No relationship with any broker, registrar or bank named in this article.