Unable to Log in to a Salesforce Sandbox and Resetting the Password

If you're using the correct username and password for your sandbox instance, these issues could be preventing you from logging in.

Login troubleshooting steps

Old login information is saved

If your web browser has saved your login information from before the last sandbox refresh, your login attempts will likely fail. Clear your browser's cache, cookies, and saved passwords, then restart your browser to make sure that all old login information is deleted.

If you're still not able to log in, continue with these troubleshooting steps.

Note : Once the sandbox is created/ refreshed the sandbox , you can login to the sandbox using production password.

Utilizing http://test.salesforce.com for logins after a Sandbox is created or refreshed

After a sandbox is created or refreshed, it can take 24–48 hours before you're able to log in using https://test.salesforce.com. During this period, access your sandbox via its My Domain login URL.

The URL is incorrect

There are instances where the generic login URL for sandboxes (http://test.salesforce.com) should specify the instance where your sandbox resides.

Find your instance in the 'Location' column

In Salesforce Classic: Setup | Deploy | Sandboxes
In Lightning Experience: Gear icon | Setup | Platform Tools | Environments | Sandboxes

If you continue to experience login issues, change the login URL for the sandbox from http://test.salesforce.com to http://csX.salesforce.com (where: csX represents your sandbox instance, like cs1, cs2, cs3).

My Domain Settings

If the sandbox org has My Domain enabled and you have the Login Policy set to 'Prevent login from https://test.salesforce.com,' then Users would need to use the My Domain URL to log in, such as https://[MyDomain]--[SandboxName].csx.my.salesforce.com.

The system administrator can alternatively disable Prevent login from https://test.salesforce.com:

Go to My Domain Settings from Setup.

In Salesforce Classic: Setup | Administer | Domain Management | My Domain

In Lightning Experience: Setup | Settings | Company Settings | My Domain

Scroll down to My Domain Settings.
Click Edit.
Deselect Prevent login from https://test.salesforce.com.
Click on Save.

User Maintenance

With selective access, a Salesforce admin grants access to specific users through a public group. The email addresses for the users included in the group remain in their original format and don’t need to be modified. Users who aren’t part of the public group have to be unfrozen in the sandbox in order to access it.
Any user who is part of the Public Group and hasn’t logged in to an existing or newly created, cloned, or refreshed Developer or Developer Pro sandbox within the first 60 days is frozen.

The System Admin can unfreeze the user so one can login with an existing password or reset the password (if required).

For more information on User maintenance:

Select Who Has Access To a Sandbox
Determine Who Has Sandbox Access
Increase Sandbox Security with Inactive User Freezing

Additional Information About Logins and Resetting the Sandbox Password

Your sandbox email addresses are appended with a ‘.invalid’ at the end. If you are resetting the password, please be sure your email address is updated first. To change email address, please work with your system administrator. For more information, please review Email addresses in sandbox appended with '.invalid' after refresh.

Note: For sandbox Users who did not update their email addresses to reflect a valid domain prior to the refresh, you may still see the ‘@example’ domain followed by the ‘.invalid’ at the end.

There are also situations where a customer will have a newly refreshed sandbox, which will share the same password and password expiration date from its production organization. Once the password expires, it will affect both environments and usually the production always has the chance for a password reset, especially if the sandbox is not used daily. This will become an issue if the customer tries to login to the sandbox thinking that the change in production's password also applies there.
Although most email addresses are appended with a '.invalid' at the end, this is not true for the admin user who created or submitted the sandbox for refresh. If an admin is unable to access the target sandbox, check if any other admin users can assist and update the user record's email address and reset the password. If no admins are able to log in to the sandbox, then please contact Support and follow the Change an administrator's email address in sandbox process.