Password Reset | Simplix
Feature Draft: Simplix Password Reset
Status: Draft
Version: 1.0
Date: October 26, 2023
Error 2: Reset link expired
- Cause: You waited longer than 15–30 minutes to click the link.
- Fix: Go back to the login page and request a new reset link. Then act immediately.
5.1. API Endpoints
A. Request Reset
- Endpoint: POST /api/auth/password-reset/request
- Payload: {"email": "user@example.com"}
- Response: 200 OK (Always returns success to prevent enumeration).
- Background Process:
  - Check DB for user.
  - If user exists, generate token, hash it, and store in password_resets table.
  - Send email via queue worker.
B. Confirm Reset
- Endpoint: POST /api/auth/password-reset/confirm
- Payload: {"token": "xyz...", "new_password": "SecurePass123", "confirm_password": "SecurePass123"}
- Response:
  - 200 OK (Success).
  - 400 Bad Request (Passwords do not match or complexity failed).
  - 401 Unauthorized (Token expired or invalid).
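An added example (not Simplix's own code) of the request and confirm flow in 5.1, showing that only the token's hash is stored and how each status code is reached. The in-memory dicts standing in for the password_resets table and the email queue, the 15-minute TTL, the 12-character minimum, single-use tokens and PBKDF2 password storage are assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60      # assumption: lower bound of the 15-30 minute window
MIN_LENGTH = 12          # assumption: the page does not define complexity rules

users = {"user@example.com": {"pw": None}}   # constructed sample account
password_resets = {}     # token_hash -> (email, expires_at); stands in for the table
outbox = []              # stands in for the email queue worker


def _digest(token):
    # Only the SHA-256 digest is stored, so a leaked table holds no usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def request_reset(email, now=None):
    now = time.time() if now is None else now
    if email in users:
        token = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG
        password_resets[_digest(token)] = (email, now + TOKEN_TTL)
        outbox.append((email, token))              # raw token exists only in the email
    return 200                                     # identical reply for unknown addresses


def confirm_reset(token, new_password, confirm_password, now=None):
    now = time.time() if now is None else now
    key = _digest(token)
    row = password_resets.get(key)
    if row is None:
        return 401                                 # invalid token
    email, expires_at = row
    if now >= expires_at:
        del password_resets[key]
        return 401                                 # expired token
    if new_password != confirm_password or len(new_password) < MIN_LENGTH:
        return 400                                 # token stays valid for a retry
    salt = secrets.token_bytes(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 600_000)
    users[email]["pw"] = (salt, pw_hash)
    del password_resets[key]                       # assumption: tokens are single-use
    return 200
```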
10. Limitations & Considerations
- Requires pre‑enrollment for non‑email methods (SMS, TOTP). New users without any recovery method must contact helpdesk once.
- No offline mode – needs network access to directory and verification services.
- SMS costs may apply if using third‑party gateways.
- Breach API dependency – external call adds ~200–300 ms latency.
2.1 Identity Proofing (Multi-factor verification)
- Pre-registered methods: Users verify via SMS OTP, email link, or authenticator app (TOTP).
- Security questions (optional, but discouraged in modern flows unless hashed).
- Device recognition – trusted devices skip secondary challenge.
9. Frequently Asked Questions (FAQ)
How to reset another user’s password:
- Log into your Simplix admin portal.
- Navigate to “User Management” or “Employee Administration” (depending on your module).
- Search for the employee by name, ID, or email.
- Click on the user’s profile.
- Look for a button labeled “Reset Password”, “Generate Temporary Password”, or “Force Password Change”.
- Simplix will either:
  - Automatically generate a temporary password (which you must share securely with the employee).
  - Send a reset link directly to the employee’s personal email on file.
- Instruct the employee to log in immediately with the temporary password and set a new one.
Security Warning: Never share temporary passwords via unencrypted email or text. Use a secure channel or a password vault.
5. Method 3: Admin-Initiated Reset for Team Members
Are you an IT administrator or Simplix super admin? You can reset passwords for any user under your organization’s plan without needing their email confirmation.
Q4: What if I forgot my Simplix username too?
A: Ask a team member to check their “Organization Directory” or contact your Simplix admin. They can look up your email based on your full name.