Password Recovery Overview
Ravvio provides a secure password recovery system that allows you to regain access to your account through email verification and secure token-based password reset.
When You Need Password Recovery
Forgotten Password
Common Scenarios:
- Cannot remember current password
- Haven’t accessed account in extended period
- Password may have been compromised
- Need to update to more secure password
Account Access Issues
Security Situations:
- Suspect account compromise
- Lost password manager access
- Changed email but need password reset
- Multiple failed login attempts
Password Reset Process
Step-by-Step Recovery
1. Initiate Password Reset
Access Reset Form:
- Navigate to Ravvio login page
- Click “Forgot your password?” link below login form
- Enter email address associated with your account
- Submit password reset request
2. System Processing
Backend Validation:
- System checks if account exists with provided email
- Validates account was created with email (not Google OAuth)
- Cleans up any existing password reset tokens
- Generates secure reset token with 1-hour expiration
3. Reset Email Delivery
Secure Email Sent:
- Professional password reset email delivered to inbox
- Contains secure reset link with unique token
- Clear instructions for completing password reset
- 1-hour expiration notice for security
4. Complete Password Reset
Set New Password:
- Click secure reset link in email
- Enter new secure password
- Confirm password matches requirements
- Submit to complete reset process
5. Reset Confirmation
Success Message:
- Password successfully updated
- Confirmation message displayed
- Automatic redirect to login page
- Account ready for immediate access
Security Features
Anti-Enumeration Protection
Privacy Security:
- Same success message regardless of email existence
- Standard response: “If an account with that email exists, we have sent a password reset link”
- Prevents malicious users from discovering valid email addresses
- Consistent response timing regardless of account status
- No indication whether email is registered or not
- Protection against account discovery attacks
- Maintains user privacy and security
- Industry-standard security practice implementation
Token Security
Secure Reset Tokens:
- Cryptographically secure random token generation
- SHA-256 hashed token storage in database
- One-hour expiration time for security
- Single-use tokens that expire after successful reset
- Previous tokens automatically invalidated
- Expired tokens cleaned up automatically
- Secure token validation during reset
- Protection against token replay attacks
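The token lifecycle listed under Token Security, together with the uniform reply from Anti-Enumeration Protection, sketched in Python as an added example (not Ravvio's code). The in-memory store, the class and method names, and the 32-byte token length are assumptions; response-timing equalisation and the Google OAuth branch are not modelled.

```python
# Added illustration; class, method and field names are assumptions, not Ravvio's code.
import hashlib
import secrets
import time

TOKEN_TTL = 3600  # one hour, as the page states
GENERIC_REPLY = ("If an account with that email exists, "
                 "we have sent a password reset link")

class ResetTokenStore:
    """In-memory stand-in for a reset-token table (hypothetical schema)."""

    def __init__(self, known_emails, now=time.time):
        self.known = set(known_emails)
        self.now = now        # injectable clock so expiry can be exercised
        self.rows = {}        # sha256(token) hex digest -> (email, expires_at)
        self.outbox = []      # (email, raw_token) pairs handed to the mailer

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def request_reset(self, email):
        if email in self.known:
            t = self.now()
            # Invalidate this account's earlier tokens and drop expired rows.
            self.rows = {h: (e, exp) for h, (e, exp) in self.rows.items()
                         if e != email and exp > t}
            token = secrets.token_urlsafe(32)   # 32 random bytes from the OS CSPRNG
            self.rows[self._digest(token)] = (email, t + TOKEN_TTL)
            self.outbox.append((email, token))  # raw token exists only in the e-mail
        return GENERIC_REPLY                    # identical reply for unknown addresses

    def redeem(self, token):
        """Return the account email for a valid token, else None. Single use."""
        row = self.rows.pop(self._digest(token), None)  # pop: a token cannot be replayed
        if row is None:
            return None
        email, expires_at = row
        return email if self.now() < expires_at else None
```

Because only the digest is stored, a read-only leak of the token table does not yield usable reset links.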
Google Account Considerations
OAuth Users
Google Sign-in Users
Special Handling:
- Accounts created with Google OAuth cannot use password reset
- Clear message: “This account was created with Google. Please use Google sign-in instead.”
- Prevents confusion for OAuth-only users
- Maintains account security integrity
Alternative Access
Recommended Solution:
- Use “Continue with Google” option on login page
- Access account through Google authentication
- No password required for Google OAuth accounts
- Secure authentication through trusted provider
Account Type Detection
Provider Validation
System Checks:
- Determines if account was created with Google OAuth
- Prevents password reset for OAuth-only accounts
- Provides appropriate guidance for each account type
- Maintains security boundaries between authentication methods
User Guidance
Clear Instructions:
- Specific messages for Google users
- Direction to use appropriate authentication method
- No password creation/reset for OAuth accounts
- Maintains account security and user experience
Password Reset Email
Email Content and Features
1. Professional Email Template
Email Components:
- Personalized greeting with user’s name
- Clear explanation of password reset request
- Prominent reset button with secure link
- 1-hour expiration notice for security awareness
2. Security Information
Reset Link Details:
- Unique secure token embedded in URL
- Direct link to password reset form
- Clear expiration time (1 hour from generation)
- Security notice about request legitimacy
3. User Instructions
Clear Guidance:
- Step-by-step instructions for completing reset
- Password requirements and security tips
- Contact information if assistance needed
- Warning about link expiration timing
Email Delivery
Reliable Delivery
Email Service:
- Professional email delivery through notification service
- High deliverability rate with proper authentication
- Branded email templates matching platform design
- Immediate delivery after reset request
- HTML email with professional formatting
- Mobile-responsive design for all devices
- Clear call-to-action button for reset link
- Fallback plain text for compatibility
Troubleshooting Delivery
Common Issues:
- Check spam/junk folder for reset email
- Verify correct email address was entered
- Allow up to 10 minutes for email delivery
- Corporate firewalls may delay delivery
Setting New Password
Password Requirements
Security Standards
Password Criteria:
- Minimum length requirements enforced
- Strong password recommendations provided
- Secure password hashing with bcrypt
- No plain text storage of passwords
Best Practices
Recommended Approach:
- Use unique password not used elsewhere
- Consider password manager for generation
- Include mix of letters, numbers, symbols
- Avoid personal information in password
Reset Completion
Successful Reset
Reset Process:
- New password securely hashed and stored
- Previous password immediately invalidated
- Reset token marked as used and expired
- User can immediately log in with new password
- Success message displayed after reset
- Automatic redirect to login page
- Password change confirmation email sent
- Account activity logged for security
Post-Reset Security
Automatic Security Measures:
- Password change confirmation email sent
- Account activity timestamp updated
- Previous sessions may be invalidated
- Security log updated with reset activity
Troubleshooting Password Recovery
Common Issues and Solutions
1. Reset Email Not Received
Troubleshooting Actions:
- Check spam/junk folder thoroughly
- Verify correct email address was entered
- Wait up to 10-15 minutes for delivery
- Try requesting reset again if needed
- Contact support if email still not received
2. Reset Link Expired
Resolution Steps:
- Reset links expire after exactly 1 hour
- Request new password reset if expired
- Complete reset process promptly after receiving email
- Plan to reset password within time window
3. Reset Link Not Working
Technical Solutions:
- Copy and paste complete URL into browser address bar
- Try different browser or incognito/private mode
- Ensure link hasn’t been used already
- Clear browser cache and cookies if needed
- Request new reset if link appears malformed
4. Google Account Confusion
Account Type Issues:
- If you see Google account message, use “Continue with Google”
- Cannot reset password for Google OAuth accounts
- Use Google authentication for account access
- Contact support if unsure about account type
Advanced Troubleshooting
Corporate Email Issues
Enterprise Considerations:
- Corporate firewalls may block or delay emails
- IT security policies may quarantine emails
- Contact IT support for email delivery issues
- Request email whitelist for Ravvio domain
Browser and Technical Issues
Technical Solutions:
- Disable browser extensions that might interfere
- Try different device or network connection
- Clear browser data and try again
- Ensure JavaScript is enabled in browser
Security Best Practices
After Password Reset
1. Immediate Actions
Security Verification:
- Log in immediately with new password to verify functionality
- Update any stored passwords in browser or password manager
- Review account activity for any suspicious access
- Ensure all personal information is still accurate
2. Ongoing Security
Account Protection:
- Use strong, unique password for your account
- Consider enabling additional security features
- Regularly update passwords for enhanced security
- Monitor account activity for unusual behavior
3. Prevention Measures
Future Access:
- Save password securely in password manager
- Keep recovery email address current and accessible
- Bookmark login page for easy access
- Consider Google OAuth for enhanced security
Getting Additional Help
Support Contact
Email Support
Contact Information:
- Email: sujay@ravvio.in
- Include account email address
- Describe specific issue encountered
- Response time: Usually within 24 hours
Information to Include
Helpful Details:
- Account email address
- Error messages received
- Steps already attempted
- Browser and device information
Security Limitations
Security Policy: For security reasons, support cannot reset passwords directly. All password resets must use the automated system with email verification.
Prevention: Consider using “Continue with Google” for easier access and enhanced security if you have a Google account.
Urgent Security: If you suspect your account has been compromised, contact support immediately while also completing the password reset process.