Reset Password

Complete your password reset by creating a new secure password.

​

Reset Process

​

Accessing Reset Page

1. Click reset link from password reset email
2. Automatically redirected to reset password page
3. Page displays:
   • Your email address
   • New password field
   • Confirm password field
   • Security requirements

​

Creating New Password

1. Enter new password (minimum 8 characters)
2. Re-enter password in confirm field (must match exactly)
3. Verify password meets requirements
4. Click “Reset Password” button
5. See success message
6. Automatically redirected to login page

​

Password Requirements

Your new password must meet these criteria:

​

Minimum Requirements

• Length: Minimum 8 characters
• Maximum: No limit
• Characters: Letters, numbers, symbols allowed
• Case-sensitive: Password ≠ password

​

Recommended Best Practices

• 12+ characters: Longer is more secure
• Mix types: Upper/lowercase, numbers, symbols
• Avoid patterns: No 12345 or qwerty
• No personal info: Avoid name, birthday, company
• Unique: Different from old password

Strong Password Examples:

• ✅ MyBr@nd$Valu3_2025
• ✅ Sp0ns0rTracking!2025
• ✅ V@liY0u_Secur3Pass
• ❌ password123 (too weak)
• ❌ valiyou (too short)

​

Troubleshooting

​

Link Expired

Error: “Password reset link has expired” Cause: More than 24 hours passed since requesting reset Solution:

1. Go to forgot password page
2. Request new reset link
3. Check email and use link within 24 hours

​

Link Already Used

Error: “This password reset link has already been used” Cause: Password was already reset with this link Solutions:

• Try logging in with new password
• If can’t remember new password, request another reset

​

Invalid Reset Link

Error: “Invalid password reset link” Causes:

• URL corrupted or incomplete
• Link tampered with
• Wrong reset link used

Solutions:

1. Don’t copy-paste link - click directly from email
2. Ensure full URL is copied if manual
3. Request new reset link

​

Passwords Don’t Match

Error: “Passwords do not match” Cause: New password and confirmation field don’t match Solutions:

• Retype carefully in both fields
• Check for extra spaces
• Verify caps lock state
• Use copy-paste between fields (carefully)

​

Password Too Weak

Error: “Password must be at least 8 characters” Solution: Create password with minimum 8 characters. Add numbers and symbols for strength.

​

Same as Old Password

Error: “New password must be different from old password” Cause: Trying to reuse current password Solution: Choose completely new password for security.

​

Security Best Practices

​

Creating Strong Passwords

Use These Strategies:

1. Passphrase Method:
   • Combine 4+ random words
   • Example: Coffee-Dragon-Mountain-42
2. Acronym Method:
   • First letters of memorable sentence
   • Example: IlVY!@2025 = “I love Valiyou! @ 2025”
3. Password Manager:
   • Generate random 16+ character passwords
   • Store securely in manager
   • Never remember complex passwords

​

Password Manager Recommendations

• 1Password - Industry standard
• LastPass - Free option available
• Bitwarden - Open-source
• Dashlane - User-friendly
• Built-in browsers - Basic but convenient

​

What to Avoid

❌ Never Use:

• Personal information (name, birthday, address)
• Common words or phrases
• Sequential numbers (123456)
• Keyboard patterns (qwerty, asdf)
• Company name alone
• Previous passwords
• Simple substitutions (p@ssw0rd)

​

After Password Reset

​

Immediate Actions

1. Log in immediately: Test new password works
2. Save password: Add to password manager
3. Update stored credentials: Update saved passwords in browsers
4. Notify devices: May need to re-login on other devices

​

Sessions Cleared

After reset, you’ll be logged out of:

• All web browsers
• All devices
• All mobile apps

Why: Security measure to prevent unauthorized access with old password.

​

Multiple Devices

If you use Valiyou on multiple devices:

1. Computer - Sign in with new password
2. Tablet - Sign in with new password
3. Mobile - Sign in with new password
4. Shared devices - Ensure old sessions closed

​

Account Security

​

Additional Security Measures

Current Protection:

• bcrypt password hashing
• HTTPS encryption
• Session management
• Audit logging
• Rate limiting

Coming Soon:

• Two-factor authentication (2FA)
• Security keys
• Login alerts
• Device management

​

Monitor Account Activity

After password reset:

1. Check Audit Log for suspicious activity
2. Review recent logins
3. Verify no unauthorized changes
4. Report concerns to support

​

Social Login Users

For Social Users:

• Use provider’s password reset if needed
• No Valiyou password to manage
• Sign in through provider always
• Cannot set custom password (feature coming soon)

​

Prevention Tips

​

Avoid Future Lockouts

• Use password manager: Never forget passwords
• Enable “Remember me”: Stay logged in (30 days)
• Set up social login: Backup authentication method
• Keep email accessible: Required for password resets
• Write it down: Securely store in safe place (last resort)

​

Password Hygiene

• Change regularly: Every 90 days recommended
• Unique per service: Never reuse across platforms
• Complex: Mix character types
• Long: 12+ characters ideal
• Private: Never share with anyone

​

Technical Details

​

Security Implementation

• Hashing: bcrypt with salt
• Transmission: HTTPS only
• Storage: Hashed, never plain text
• Tokens: One-time use, time-limited
• Validation: Server-side requirements check

​

Privacy

• Old password: Not recoverable (by design)
• Reset requests: Logged for security
• Email notifications: Sent on password change
• No staff access: Even support cannot see passwords

​

Next Steps