Security Settings

​

Overview

The Security section allows you to manage your account password. You can update your existing password for enhanced security. If you signed up with social login and don’t have a password yet, you must first set one using the “Forgot Password” option on the login page.

​

Password Management

​

Setting a Password for Social Login Users

If you signed up using social login (Google, Microsoft), you cannot set a password directly from Security Settings initially. You must first set a password using the “Forgot Password” flow, after which you can use Security Settings to update your password. Using Forgot Password to Set Your First Password To set your first password after signing up with social login:

1. Go to Login Page
   • Navigate to the login page
   • Click “Forgot Password” link (next to the password field)
2. Enter Your Email
   • Enter the email address associated with your account
   • Click “Submit” button
   • A password reset email is sent to your address
3. Check Your Email
   • Open the password reset email
   • Click the reset link in the email
   • You’ll be redirected to the password reset page
4. Set Your Password
   • Enter your new password
   • Confirm your new password
   • Click “Reset Password” button
   • Password is set successfully
   • You’ll be redirected to the login page

​

Updating an Existing Password

Once you have set a password (either through “Forgot Password” for social login users, or during email/password registration), you can update it using Security Settings:

1. Navigate to Security Section
   • Go to Account Settings
   • Click on “Security” tab or section
2. Enter Current Password
   • Enter your current password
   • Required for security verification
3. Enter New Password
   • Enter your new desired password
   • Confirm new password
   • Must meet password requirements
4. Password Requirements
   • Minimum 8 characters
   • Must contain at least one uppercase letter (A-Z)
   • Must contain at least one lowercase letter (a-z)
   • Must contain at least one number (0-9)
   • Must contain at least one special symbol (e.g., !@#$%^&*)
   • New password must be different from current
   • Must match in both confirmation fields
5. Save Changes
   • Click “Update Password” button
   • Password is updated successfully
   • You’ll need to use the new password for future logins

​

Forgot Password Flow

​

Overview

The Forgot Password feature allows you to reset your password if you’ve forgotten it, or set a password if you signed up with social login and don’t have one yet.

​

Requesting Password Reset

Step-by-Step Process:

1. Navigate to Login Page
   • Go to the login page
   • Locate the “Forgot Password” link next to the password field
2. Click Forgot Password
   • Click the “Forgot Password” link
   • You’re redirected to the forgot password page
3. Enter Email Address
   • Enter the email address associated with your account
   • The same email used for social login or email registration
   • Click “Submit” button
4. Password Reset Email Sent
   • A password reset email is sent to your address
   • Success message confirms email was sent
   • Check your inbox (and spam folder if needed)

​

Resetting Password

Step-by-Step Process:

1. Check Your Email
   • Open the password reset email
   • Look for the reset link
   • Email contains a secure token link
2. Click Reset Link
   • Click the password reset link in the email
   • Link is valid for a limited time
   • You’re redirected to the password reset page
3. Enter New Password
   • Enter your new password in “New Password” field
   • Confirm password in “Confirm Password” field
   • Both fields must match
4. Password Requirements
   • Minimum 8 characters
   • Must contain at least one uppercase letter (A-Z)
   • Must contain at least one lowercase letter (a-z)
   • Must contain at least one number (0-9)
   • Must contain at least one special symbol (e.g., !@#$%^&*)
   • Must match in both fields
   • Real-time validation displayed
5. Submit Reset
   • Click “Reset Password” button
   • Password is reset successfully
   • Success message confirms reset
   • You’re automatically redirected to the login page

​

Cooldown and Rate Limiting

The system implements cooldown periods to prevent abuse: Cooldown Periods:

• First request: Immediate (no cooldown)
• Second request: 1 minute wait
• Third request: 5 minutes wait
• Fourth+ requests: 15 minutes wait
• After 5 attempts: Button is disabled

Cooldown Behavior:

• Cooldown timer displays remaining time
• Button shows countdown or disabled state
• Prevents excessive password reset requests
• Resets after cooldown period expires

​

Password Requirements

​

Minimum Requirements

• Length: At least 8 characters
• Uppercase Letter: At least one uppercase letter (A-Z)
• Lowercase Letter: At least one lowercase letter (a-z)
• Number: At least one number (0-9)
• Special Character: At least one special symbol (e.g., !@#$%^&*)
• Confirmation: Must match in both password fields

​

Security Best Practices

• Use a strong, unique password
• Don’t reuse passwords from other accounts
• Consider using a password manager
• Change password periodically
• Don’t share your password with anyone

​

Password Form Behavior

​

For Users Without Password

• Only “Set Password” and “Confirm Password” fields shown
• Current password field hidden
• Button labeled “Set Password”
• Description explains setting up password for email/password login

​

For Users With Password

• Current password field shown (required)
• “New Password” and “Confirm Password” fields shown
• Button labeled “Update Password”
• Description explains updating password for security

​

Form Validation

• Real-time validation as you type
• Requirements displayed below password field
• Confirmation must match new password
• Current password required for updates
• Form cannot be submitted if invalid

​

Troubleshooting

​

Problem: Cannot set password

Solutions:

• Verify password meets all requirements (8+ characters, uppercase, lowercase, number, special symbol)
• Ensure confirmation matches
• Check for validation errors
• Try a different password

​

Problem: Cannot update password

Solutions:

• Verify current password is correct
• Check new password meets requirements
• Ensure confirmation matches new password
• Try again with correct current password

​

Problem: Password requirements not clear

Solutions:

• Minimum 8 characters required
• Must include at least one uppercase letter (A-Z)
• Must include at least one lowercase letter (a-z)
• Must include at least one number (0-9)
• Must include at least one special symbol (e.g., !@#$%^&*)
• Confirmation must match exactly
• Requirements displayed below password field

​

Problem: Forgot Password not working

Solutions:

• Check cooldown timer (may need to wait)
• Verify email address is correct
• Check spam/junk folder for reset email
• Wait for cooldown period if you’ve made multiple requests
• Contact support if disabled after 5 attempts

​

Problem: Reset link expired or invalid

Solutions:

• Reset links expire after a period of time
• Request a new password reset
• Use the most recent reset email
• Check that you’re using the correct link

​

Related Documentation