Recovering Your Password and Account Access: Security & Protocols
Samrat
Last Update 3 months ago
At Softsasi, we prioritize the protection of your project data, intellectual property, and financial records above all else. However, we understand that losing access to your account can be a critical bottleneck, especially during active development milestones. This guide provides an exhaustive path to recovering your password while maintaining the strict security standards our enterprise clients expect.
1. Our Security Philosophy
Softsasi utilizes Firebase Authentication, an industry-leading identity platform by Google. This means:
- Zero-Knowledge Storage: We do not store your plain-text passwords on our servers. We only store cryptographic hashes.
- Protocol-Driven Recovery: Access recovery is strictly tied to your Verified Email Address.
- Automated Shielding: Our system is designed to detect and block suspicious recovery attempts using behavioral analysis and IP rate-limiting.
2. Standard Password Reset Flow
If you have forgotten your password but still have access to your registered email, follow this standard procedure for an instant reset:
Step 1: Access the Reset Entry Point
Navigate to the Softsasi Login Portal. Beneath the "Sign In" button, you will find the "Forgot Password?" link. Click this to enter our secure recovery environment.
Step 2: Identification Phase
Enter the exact email address used during your registration.
Important: To prevent "User Enumeration" (an attack where hackers check if an email exists in our system), our dashboard will say "If this email is in our system, a reset link has been sent," even if the email doesn't exist. This protects your privacy.
Step 3: The Security Token Delivery
Check your inbox for a message from Softsasi Security (no-reply@softsasi.com). This email contains a one-time cryptographic token embedded in a URL.
- Validity: This token expires after 60 minutes.
- Unique Link: The link only works for your specific account and is invalidated immediately after a successful reset.
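The properties listed in Steps 2 and 3 (one reply for every address, a 60-minute token, single use) can be seen together in the following added example. It is not Softsasi's or Firebase's code; `ResetService`, its methods and the in-memory `outbox` are hypothetical names, and storing only a hash of the token is an assumption about good practice rather than something this guide states.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 60 * 60  # the guide's 60-minute validity window
GENERIC_REPLY = "If this email is in our system, a reset link has been sent."


class ResetService:
    """In-memory sketch; a real service would keep _pending in a database."""

    def __init__(self, known_emails, clock=time.time):
        self._known = {e.lower() for e in known_emails}
        self._pending = {}   # sha256(token) -> (email, expires_at)
        self._clock = clock
        self.outbox = []     # (email, token) pairs standing in for sent mail

    def request_reset(self, email):
        email = email.strip().lower()
        if email in self._known:
            token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
            digest = hashlib.sha256(token.encode()).hexdigest()
            # Assumption: only the digest is stored, so a leaked table
            # contains no usable reset links.
            self._pending[digest] = (email, self._clock() + TOKEN_TTL_SECONDS)
            self.outbox.append((email, token))
        # Same reply for known and unknown addresses: no enumeration signal.
        return GENERIC_REPLY

    def redeem(self, token):
        """Return the account email if the token is valid, else None."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        # pop() makes the token single-use, whether or not it has expired.
        entry = self._pending.pop(digest, None)
        if entry is None:
            return None
        email, expires_at = entry
        if self._clock() > expires_at:
            return None
        # Assumption: other outstanding links for the account are dropped too.
        self._pending = {d: v for d, v in self._pending.items() if v[0] != email}
        return email
```

The identical reply text only helps if response timing is also the same for known and unknown addresses, which is why mail delivery is normally queued rather than done inside the request.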

3. Phishing Protection: Identifying Official Emails
Hackers often try to steal passwords by sending fake "Recovery Link" emails. Before you click, ensure the email meets these Softsasi Security Standards:
- Sender Address: Must be no-reply@softsasi.com or noreply@softsasi-legacy.firebaseapp.com.
- Link Domain: The link should lead to softsasi.com or the official Firebase hosting subdomain for Softsasi.
- No Personal Info: We will never ask you for your old password or CC details within a recovery email.
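The sender and link checks above can be automated in a mail filter, as in this added example (not Softsasi's own tooling). The function names are hypothetical, and three points are assumptions: the guide does not name the Firebase hosting subdomain, so the sender's domain stands in for it; subdomains of an allowed host are accepted; and links must use https.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

ALLOWED_SENDERS = {
    "no-reply@softsasi.com",
    "noreply@softsasi-legacy.firebaseapp.com",
}
# Assumption: stand-in for "the official Firebase hosting subdomain".
ALLOWED_LINK_HOSTS = {"softsasi.com", "softsasi-legacy.firebaseapp.com"}


def sender_allowed(from_header):
    """Compare the parsed address, not the display name, to the allowlist."""
    _, addr = parseaddr(from_header)
    return addr.lower() in ALLOWED_SENDERS


def link_allowed(url):
    """Accept https links whose host is an allowed host or its subdomain."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    # Match on a label boundary; a plain substring or suffix test would
    # accept look-alike hosts that merely contain the official name.
    return any(host == h or host.endswith("." + h) for h in ALLOWED_LINK_HOSTS)


def looks_official(from_header, urls):
    """True only if the sender and every link in the message pass."""
    return sender_allowed(from_header) and all(link_allowed(u) for u in urls)
```

A matching From address is necessary but not sufficient, because that header is supplied by the sender; a filter should also require a passing DMARC result for the sending domain.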
4. Multi-Factor Authentication (MFA) & Recovery
If you have enabled Two-Factor Authentication (2FA), the recovery process is slightly different:
- The Challenge: After resetting your password, you will still be asked for your 2FA code (App or SMS).
- Lost 2FA Device?: If you have lost your 2FA device, you must use one of the Backup Recovery Codes provided to you when you first enabled 2FA.
- No Backup Codes?: If you have lost both your password and your 2FA backup codes, you must enter the Manual Verification Protocol (see Section 6).
5. Session Management & Forced Logout
For your safety, when you successfully reset your password:
- Automated Termination: All other active sessions on all other devices (laptops, phones, tablets) are immediately logged out.
- Reason: This ensures that if your password was stolen by someone else, their access is terminated the moment you reclaim your account.
6. Manual Identity Verification Protocol
If you have lost access to your registered email account, automated recovery is impossible. To protect our clients from "Social Engineering" attacks, we require a rigorous manual check:
How to Initiate:
Contact [email protected] with the subject: Urgent: Manual Access Recovery.
The Evidence Requirement:
To verify your identity, our staff will request at least three of the following:
- Transaction History: The last 4 digits of the card used for your most recent PipraPay transaction.
- Project Specifics: The Title and Column location of at least two Kanban cards in your active workspace.
- Corporate Proof: An official letter from your company’s HR or Legal department (for Enterprise accounts).
- Service ID: Your unique order ID from a recent invoice (stored in your email outside the app).
7. Account Lockout Logic
To prevent automated "Brute Force" attacks (where bots try thousands of passwords), we implement a tiered lockout system:
- Soft Lock (5 Attempts): After 5 wrong passwords, your IP address is temporarily blocked for 30 minutes.
- Hard Lock (15+ Attempts): Your account may be flagged for "Potential Compromise." In this state, even the correct password will not work until you perform a Verified Email Reset.
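The two tiers can be modelled as separate counters, as in this added example (not Softsasi's implementation). `LockoutPolicy` and its method names are hypothetical, and the example assumes the soft lock counts failures per IP address while the hard lock counts failures per account, which the guide does not spell out.

```python
import time

SOFT_LIMIT = 5                 # wrong passwords before the IP is blocked
SOFT_BLOCK_SECONDS = 30 * 60   # 30-minute IP block
HARD_LIMIT = 15                # wrong passwords before the account is flagged


class LockoutPolicy:
    def __init__(self, check_password, clock=time.time):
        self._check = check_password   # callable(account, password) -> bool
        self._clock = clock
        self._ip_failures = {}         # ip -> failures since last block/success
        self._ip_blocked_until = {}    # ip -> unix time the block ends
        self._acct_failures = {}       # account -> failures since last success
        self._flagged = set()          # accounts in hard lock

    def attempt(self, account, password, ip):
        now = self._clock()
        if self._ip_blocked_until.get(ip, 0) > now:
            return "ip_blocked"
        if account in self._flagged:
            # Decided before the password is checked, so the reply is the
            # same whether or not the guess is correct.
            return "reset_required"
        if self._check(account, password):
            self._ip_failures.pop(ip, None)
            self._acct_failures.pop(account, None)
            return "ok"
        self._ip_failures[ip] = self._ip_failures.get(ip, 0) + 1
        self._acct_failures[account] = self._acct_failures.get(account, 0) + 1
        # The per-account counter still trips when failures are spread
        # across many IPs, which the per-IP counter alone would miss.
        if self._acct_failures[account] >= HARD_LIMIT:
            self._flagged.add(account)
        if self._ip_failures[ip] >= SOFT_LIMIT:
            self._ip_blocked_until[ip] = now + SOFT_BLOCK_SECONDS
            self._ip_failures[ip] = 0
        return "denied"

    def verified_email_reset(self, account):
        """Called after a completed email reset; clears the hard lock."""
        self._flagged.discard(account)
        self._acct_failures.pop(account, None)
```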
8. Pro Tips for "Recovery Resilience"
- Use a Verified Email: Never skip the initial verification step. Unverified accounts are harder for our team to recover manually.
- Store Backup Codes Safely: If you use 2FA, print your recovery codes and store them in a physical safe. Never store them in your email.
- Appoint a Delegate: For business accounts, always have at least two "Admin" level users. If one is locked out, the other can provide administrative support.
9. Summary
Password recovery at Softsasi is a balanced process of convenience and uncompromising security. By following the standard reset flow and maintaining your 2FA backups, you can restore your access within minutes. In extreme cases, our manual verification protocol ensures that your sensitive project data never falls into the wrong hands.
Still having trouble? Our security engineers are available via the Tawk.to live chat widget on any Softsasi page or by emailing [email protected].