Password Management
Forgot password, reset password, and change password flows
Password Management
EduShade provides comprehensive password management features including forgot password recovery, password reset, and password change functionality.
Forgot Password
If you've forgotten your password, you can request a password reset link via email.
Steps
- Navigate to the Login page
- Click Forgot Password?
- Enter your registered email address
- Click Send Reset Link
- Check your email for the password reset link
- A confirmation message displays showing which email the reset was sent to
What Happens Behind the Scenes
- A password reset token is generated with a 1-hour expiry
- A verification record is created with type
password_reset - An email is sent containing the reset link with the token
- The previous reset tokens for the same user are invalidated
Rate Limiting
- 3 requests per 5 minutes per IP address
- If you exceed this, wait 5 minutes before requesting again
Reset Password
After receiving the password reset email, use the link or OTP to set a new password.
Method 1: Token-Based Reset (Email Link)
- Click the reset link in your email
- You are redirected to the Reset Password page (
/auth/reset-password?token=...) - Enter your new password
- Confirm the password
- Click Reset Password
- On success, you are redirected to the login page
Method 2: OTP-Based Reset
- On the reset password page, enter your email address
- Enter the OTP received in your email
- Enter your new password
- Confirm the password
- Click Reset Password
Password Requirements
The reset password page shows a Password Requirements Panel with real-time validation:
- Minimum length (typically 8 characters, configurable per tenant)
- If complexity is required:
- At least one uppercase letter (A-Z)
- At least one lowercase letter (a-z)
- At least one number (0-9)
- At least one special character (!@#$%^&*)
Invalid or Expired Links
If the reset link is expired or invalid:
- An error message is displayed: "This reset link is invalid or has expired"
- You can request a new reset link by going back to the Forgot Password page
Change Password
Already logged in and want to change your password? Use the change password feature.
Steps
- Go to Account Settings → Password (or navigate to
/dashboard/profile/settings/password) - Enter your current password (if you have one set)
- Enter your new password
- Confirm the new password
- Click Change Password
Special Cases
No Password Set (Social Login Users): If you registered via social login and never set a password:
- The "Current Password" field is not shown
- You can directly set a new password
- This allows you to use both social login and password login
Password Match Indicator: The form shows a real-time indicator whether your new password and confirmation match.
Password Policy
The platform's password policy is configurable per tenant by administrators. The policy may include:
| Rule | Description | Default |
|---|---|---|
| Minimum length | Shortest allowed password | 8 characters |
| Require complexity | Enforce character variety | Configurable |
| Uppercase required | At least one A-Z | When complexity enabled |
| Lowercase required | At least one a-z | When complexity enabled |
| Number required | At least one 0-9 | When complexity enabled |
| Special char required | At least one !@#$%^&* | When complexity enabled |
The password policy is fetched dynamically from the tenant settings, so it may vary between different organizations using the platform.
Troubleshooting
| Issue | Solution |
|---|---|
| "Reset link expired" | Request a new reset link from the Forgot Password page |
| "Invalid token" | The link may have been used already or is malformed. Request a new one |
| "Current password incorrect" | Ensure you're entering your current password correctly |
| "Password doesn't meet requirements" | Check the requirements panel and ensure all criteria are met |
| Didn't receive reset email | Check spam/junk folder. Ensure you entered the correct email |
| Rate limit exceeded | Wait 5 minutes before requesting another reset |