The unit ships with auto-update class MINOR, so that answers my question. No changes there recently.
To reset the p[assword(s):
Remove the USB power plug and AC adapter plug from the unit!
Remove the four screws in the bottom. They are self tapping and don’t usually just fall out, you usually have to tap the unit to make them fall out.
Remove the top cover and lift the circuit board clear of the base.
Locate the SD socket and card on the back end of the circuit board.
Be careful removing the card, it is fragile and can be cracked if not pulled straight out. There’s a lip on the top back edge of the card. Grasp it with fingernails and gently pull straight out.
Mount the card on another computer in the /iotawatt directory there should be a file named auth.txt. So that’s /iotawatt/auth.txt. Delete the file auth.txt. DO NOT DEL:ETE ANY OTHER FILES IN DIRECTORY IOTAWATT. They are your datalogs and message logs.
While you are in there, make a copy of the /iotawatt/iotamsgs.txt and in the root directory config.txt in case this doesn’t solve your problem.
Gently reinsert the card directly into the IoTaWatt, reassemble, connect the AC adapter and then power up with the USB power plug.
You should be able top logon without a password.
Please post back your results. I have some follow up suggestions regarding how this could have happened and what you could do to protect against it.