1.1.7 Account Recovery — Password Reset and 2FA Recovery Codes

Account recovery in Praisma Hub is designed to help users regain secure access to their account while maintaining strict protection against unauthorized use. This section explains how password recovery and two-factor authentication (2FA) recovery are handled, and what safeguards are in place to protect organizational data during recovery scenarios.

Password reset process

If a user forgets their password, Praisma Hub provides a secure password reset workflow. The process starts by requesting a password reset using the registered email address. A time-limited recovery link is sent to that address, allowing the user to create a new password.

The reset link is valid only for a short period and can be used once. This prevents the link from being reused and limits the window in which an intercepted link would still work. New passwords must meet defined security requirements to ensure sufficient strength. Passwords are securely hashed and never stored or transmitted in plain text.

Identity verification and protection

During account recovery, Praisma Hub verifies ownership of the email address before allowing any changes. This ensures that only the legitimate account holder can reset credentials. If multiple failed attempts occur, additional safeguards may be triggered to prevent abuse.

All recovery actions are logged for auditing purposes. This provides traceability and helps administrators detect suspicious behavior.

Two-factor authentication recovery

For accounts protected with two-factor authentication, Praisma Hub provides recovery codes. These codes are generated when 2FA is enabled and must be stored securely by the user. Each recovery code can be used once to regain access if the primary second factor is unavailable.

Using recovery codes ensures that users are not permanently locked out of their account while still maintaining strong security. Once a recovery code is used, it becomes invalid, and new codes can be generated if required.

Administrative assistance

In certain cases, administrators may assist with account recovery. This can include resetting credentials or disabling 2FA temporarily for a user who has verified their identity through internal procedures. Administrative recovery actions are restricted to authorized roles and are fully logged.

This controlled approach ensures that recovery support does not become a security risk.

Best practices for users

Users are strongly encouraged to keep their recovery email address up to date, store 2FA recovery codes securely, and choose strong, unique passwords. These practices significantly reduce the risk of account lockout and unauthorized access.

By combining user-controlled recovery options with administrative safeguards, Praisma Hub balances usability with security.