SPL
Password Recovery
The Password Recovery Service is used when a user repeatedly enters an incorrect password, completely forgets it, or suspects that the credential has been compromised and wishes to reset it securely. The process typically starts on the login page by selecting the “Forgot Password” option, then entering a primary account identifier such as national ID/residency number, email, or username, followed by the mobile number registered with the account.
A one-time verification code is then sent via SMS or email to confirm that the requester is the legitimate account owner, and the user must enter this code within a limited time window. After successful verification, the system prompts the user to create a new password that complies with defined security rules (minimum length, mix of letters, numbers, and symbols, and ideally not reused from previous passwords), then confirm and save it.
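The three steps above (identifier plus registered mobile, a time-limited one-time code, then a policy-checked new password) can be modelled in a few dozen lines. The following is an added illustration, not SPL's own code: the account data, the 5-minute code window, the three-strike lockout and the five-entry password history are all assumed values chosen for the example, and the class also shows the attempt-lockout and recovery-attempt logging that the Importance and Challenges sections mention.

```python
"""Reference model of an OTP-based password reset flow (added example, not SPL's code).

All account records, limits and the clock below are constructed for the demo.
"""
import hashlib
import hmac
import secrets
import string
import time

CODE_TTL_SECONDS = 300     # assumed: one-time code valid for 5 minutes
MAX_CODE_ATTEMPTS = 3      # assumed: temporary lockout after 3 wrong codes
LOCKOUT_SECONDS = 900      # assumed: 15-minute lockout
PASSWORD_HISTORY = 5       # assumed: the last 5 password hashes may not be reused


def _code_hash(code: str, salt: str) -> str:
    """Short-lived code: a plain salted SHA-256 is enough, only the hash is stored."""
    return hashlib.sha256((salt + code).encode()).hexdigest()


def _pw_hash(password: str, salt: str) -> str:
    """Passwords get a slow KDF so a leaked history table is expensive to crack."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 100_000).hex()


def password_meets_policy(pw: str) -> bool:
    """Minimum length plus letters, digits and symbols, as the page requires."""
    return (len(pw) >= 12
            and any(c.isalpha() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


class PasswordRecovery:
    def __init__(self, accounts: dict, clock=time.time):
        # accounts: identifier -> {"mobile": str, "salt": str, "history": [pw hashes]}
        self.accounts = accounts
        self.clock = clock          # injectable so expiry and lockout can be tested
        self.pending = {}           # identifier -> {"code_hash", "expires", "attempts", "verified"}
        self.locked_until = {}      # identifier -> epoch seconds
        self.audit = []             # every recovery event is logged (timestamp, event, identifier)

    def _log(self, event: str, ident: str) -> None:
        self.audit.append((int(self.clock()), event, ident))

    def request_code(self, ident: str, mobile: str):
        """Step 1: identifier and registered mobile must match. Returns the code the
        SMS/email channel would carry, or None. Unknown accounts and wrong mobiles get
        the same answer so the service does not reveal which identifiers exist."""
        acct = self.accounts.get(ident)
        if acct is None or not hmac.compare_digest(acct["mobile"], mobile):
            self._log("request_rejected", ident)
            return None
        if self.locked_until.get(ident, 0) > self.clock():
            self._log("request_while_locked", ident)
            return None
        code = "".join(secrets.choice(string.digits) for _ in range(6))
        self.pending[ident] = {"code_hash": _code_hash(code, acct["salt"]),
                               "expires": self.clock() + CODE_TTL_SECONDS,
                               "attempts": 0, "verified": False}
        self._log("code_issued", ident)
        return code

    def verify_code(self, ident: str, code: str) -> bool:
        """Step 2: the code must arrive inside the window; repeated failures lock the account."""
        entry = self.pending.get(ident)
        if entry is None or self.clock() > entry["expires"]:
            self.pending.pop(ident, None)
            self._log("code_expired_or_missing", ident)
            return False
        if hmac.compare_digest(entry["code_hash"], _code_hash(code, self.accounts[ident]["salt"])):
            entry["verified"] = True
            self._log("code_verified", ident)
            return True
        entry["attempts"] += 1
        self._log("code_wrong", ident)
        if entry["attempts"] >= MAX_CODE_ATTEMPTS:
            self.pending.pop(ident)
            self.locked_until[ident] = self.clock() + LOCKOUT_SECONDS
            self._log("locked_out", ident)
        return False

    def set_new_password(self, ident: str, new_pw: str, confirm: str) -> bool:
        """Step 3: only after a verified, unexpired code; enforce confirmation, policy and reuse."""
        entry = self.pending.get(ident)
        if not entry or not entry["verified"] or self.clock() > entry["expires"]:
            self._log("reset_without_verification", ident)
            return False
        acct = self.accounts[ident]
        new_hash = _pw_hash(new_pw, acct["salt"])
        if new_pw != confirm or not password_meets_policy(new_pw) or new_hash in acct["history"]:
            self._log("password_rejected", ident)
            return False
        acct["history"] = (acct["history"] + [new_hash])[-PASSWORD_HISTORY:]
        self.pending.pop(ident)
        self._log("password_reset", ident)
        return True
```

The audit list is what a support or security team would query when a user reports being locked out or when reset requests for one identifier cluster suspiciously; in a real deployment it would go to a log pipeline rather than an in-memory list, and the per-user salt and hashes would live in the account store.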
Importance of the Password Recovery Service
Maintains uninterrupted access to the user’s account and services without requiring a new registration or losing historical records.
Enhances security by enforcing identity verification through trusted channels (mobile/email) before allowing a reset.
Reduces load on support teams by enabling users to resolve a common problem through clear self-service steps.
Supports compliance with digital security standards by enforcing password complexity and logging recovery attempts.
Improves user experience by offering a relatively quick way to regain access even after multiple failed login attempts.
Challenges related to the Password Recovery Service
Requires up-to-date contact information (mobile or email); otherwise the user cannot receive verification codes to complete recovery.
Multiple failed attempts to enter verification codes or identity data can trigger temporary account lockout as a security measure.
Some users struggle to create strong, unique passwords, increasing the likelihood of repeated issues or security weaknesses.
If access to both mobile and email is lost, manual intervention or additional identity proof may be required.
The multi-step sequence (identity entry, code verification, new password setup) can feel complex for less tech-savvy users.