How to update your personal profile, change your password, and recover access if you forget your password.
Time to read: ~5 minutes.
Where to find the screens
- Setup → My profile — your personal info (email, name, contact).
- Setup → My profile → Change password — change your own password.
- /forgot-password (no login required) — reset password via OTP.
- /change-password — forced first-login swap for invited users.
My profile
The Profile page shows your account-level info — independent of any company:
| Field | Notes |
|---|---|
| Email | Your sign-in email. Changing it changes how you log in. |
| Name | Displayed in audit logs and on member rosters. |
| Phone | Optional; used for WhatsApp share fallback. |
Edit any field → Save.
Change password (logged in)
- Setup → My profile → Change password (or go directly to /change-password).
- Fill in:
  - Current password — your existing one.
  - New password — meeting the policy: min 9 characters with at least 1 uppercase, 1 digit, 1 special. Live ticks under the field show requirement compliance.
  - Confirm new password — type the new one again.
- Click Save.
You stay signed in; future logins use the new password.
Hashing uses Argon2id (stronger than bcrypt). Booksmor never stores or displays your password.
First-login forced password change
If your account was created by someone else inviting you (with a temporary password), Booksmor forces you to set your own password on first login. Until you do, all other pages redirect to /change-password.
This protects against the inviter knowing your password longer than the first session.
Forgot password (logged out)
Forgotten your password? Use the OTP-based reset:
- From the Sign in page → click Forgot password, or go to /forgot-password.
- Step 1 — Email: type your email → click Send code.
  - Booksmor emails a 6-digit OTP to that address (valid for 10 minutes, max 6 wrong-code attempts).
- Step 2 — Code + new password:
  - Paste the OTP.
  - Type a new password (meeting the policy).
  - Confirm.
  - Click Reset password.
You’re signed in with the new password.
If you don’t receive the OTP, check spam. If still missing, click Resend code (rate-limited at 5/hour/email + 10/hour/IP).
Password policy
Booksmor enforces password strength across every accepting endpoint:
- Minimum 9 characters.
- At least 1 uppercase letter.
- At least 1 digit.
- At least 1 special character (e.g. ! @ # $ % & *).
The PasswordHints component on every password input shows live ticks for each requirement so you can see in real time which conditions are met.
Common patterns that pass: Passw0rd!, BksmGreat2026!, MyDog#1Loves.
Common patterns that fail: password1 (no upper, no special), BOOKSMOR (no digits, no special, no lowercase).
Show / hide password fields
Every type=password input across Booksmor uses the PasswordInput component with an inline Show/Hide toggle (eye icon). Click to reveal what you’ve typed — useful for verifying a long temporary password without retyping.
OTP / email-verification anti-spam
To prevent abuse, Booksmor caps:
- Verification OTP requests: 5 per hour per email + 10 per hour per IP.
- Verification OTP guessing: 6 wrong attempts → blocked for the OTP’s lifetime (10 minutes).
- Password reset OTP: same caps.
These caps protect both your account (against brute force) and Booksmor’s email reputation (against bots harvesting addresses).
Common questions
Can I change my email? Yes — Setup → My profile → Email → save. Future logins use the new email. You’ll be sent a verification code to the new address to confirm ownership.
Can I have two accounts with the same email? No — email is unique per account. If you try to register an already-registered email, Booksmor blocks it. Use Forgot password to recover the existing account.
Does Booksmor support 2FA / multi-factor authentication? Not in the current release. Strong password policy + OTP-only verification cover the most common attack vectors. 2FA is on the roadmap.
My OTP never arrives. Check spam first. If still missing, your email provider may block automated transactional emails — talk to your email admin or use a different address for sign-in.
Can my admin reset my password without me? Yes — Owners of your company can issue a new temporary password from Team → [your member row] → Reset password. You’ll be forced to change it on next login.
Will old browser sessions stay logged in after I change my password? Other sessions remain logged in for their token lifetime. To force logout everywhere, change the password, then optionally use Sessions → Revoke all (if visible in your profile) — this immediately invalidates every active token.
Can I disable login by email + password and require something else (SSO, magic link)? Not currently. SSO support is a planned platform feature.
Does the Forgot password flow tell attackers whether my email is registered? No — Booksmor always returns “OK” whether the email is registered or not. The OTP only sends if the email is genuinely on file.
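The OTP caps listed under "OTP / email-verification anti-spam" and the uniform "OK" reply described in the answer above can be sketched in a few lines of Python. This is an added example, not Booksmor's code: the `OtpService` class, its in-memory stores, the `RATE_LIMITED` return value and the sample addresses are assumptions made for illustration.

```python
import hmac
import secrets
import time
from collections import defaultdict, deque

OTP_TTL = 600        # OTP lifetime: 10 minutes
MAX_WRONG = 6        # wrong guesses allowed per OTP
PER_EMAIL = 5        # code requests per hour per email
PER_IP = 10          # code requests per hour per IP
WINDOW = 3600

class OtpService:    # hypothetical name, in-memory state only
    def __init__(self, registered, clock=time.time):
        self.registered = set(registered)  # constructed stand-in for the user table
        self.clock = clock                 # injectable so expiry can be tested
        self.sends = defaultdict(deque)    # ("email"|"ip", value) -> request times
        self.otps = {}                     # email -> [code, expires_at, wrong_count]
        self.outbox = []                   # stand-in for the mailer

    def _under_cap(self, key, limit):
        now, q = self.clock(), self.sends[key]
        while q and now - q[0] >= WINDOW:  # forget requests older than an hour
            q.popleft()
        return len(q) < limit

    def request_code(self, email, ip):
        by_email, by_ip = ("email", email), ("ip", ip)
        if not (self._under_cap(by_email, PER_EMAIL) and self._under_cap(by_ip, PER_IP)):
            return "RATE_LIMITED"
        # Count unregistered addresses too, so hitting the cap reveals nothing.
        self.sends[by_email].append(self.clock())
        self.sends[by_ip].append(self.clock())
        if email in self.registered:       # a code is only sent to a real account
            code = f"{secrets.randbelow(10**6):06d}"
            self.otps[email] = [code, self.clock() + OTP_TTL, 0]  # fresh attempt count
            self.outbox.append((email, code))
        return "OK"                        # same answer either way

    def verify(self, email, guess):
        rec = self.otps.get(email)
        if rec is None or self.clock() >= rec[1] or rec[2] >= MAX_WRONG:
            return False                   # no code, expired, or attempt cap reached
        if hmac.compare_digest(rec[0].encode(), guess.encode()):
            del self.otps[email]           # a code works once
            return True
        rec[2] += 1
        return False
```
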
Troubleshooting
“Wrong or expired code” on OTP entry. Either the OTP timed out (10 minutes), you typed it wrong, or you’ve used up your 6 wrong-guess attempts. Request a fresh one.
Reset link from email goes to a “verification link invalid” page. That’s the older link-based path — Booksmor now uses OTP codes. If you got a code in the same email, paste that into the OTP form on /verify or /forgot-password.
Stuck on /change-password and can’t access anything else. You’re an invited user who hasn’t set their own password yet. Set the new password — Booksmor unblocks the rest of the app on save.
“Too many wrong codes — request a new one” toast. You hit the 6-attempt cap. Click Resend code to start fresh.
Need more help? Email support@booksmor.com with your email address (the one you sign in with) and what’s going wrong.