← Help Center

How does password reset work?

Last updated 2026-04-28

Forgot password

  1. Go to tradelyhq.com/app
  2. Click "Forgot password?" below the sign-in form
  3. Enter your email and click "Send reset link"
  4. Check your inbox — a Supabase-issued reset link arrives within ~1 minute
  5. Click the link → you're redirected to a page where you set a new password
  6. Sign in with the new password

Privacy note: the form ALWAYS shows a "check your inbox" success message, even if you typed an email that doesn't exist in our system. This is intentional — it prevents an attacker from probing emails to find which ones have accounts.

Change password (while signed in)

From any portal — admin, tech, or client:

  1. Click Change Password in the sidebar (desktop) or bottom nav (mobile)
  2. Enter your current password (this is required for security — it stops a stolen session token from rotating your password)
  3. Enter your new password (10+ chars, must contain a letter and a digit)
  4. Click Save

First-login forced rotation

When someone is invited (admin invites a tech, owner invites a teammate), they get a temp password in their email. On their first sign-in:

  1. They sign in with the temp password
  2. They're immediately routed to a "set your real password" screen — they cannot use the app until they do this
  3. They set a new password (same 10+ chars + letter + digit rules)
  4. They land in the portal

The forced-rotation flow doesn't ask for the current password (because the user JUST typed it as a temp password 2 seconds ago — making them retype it would be silly). Once they're past the forced-rotation step, normal change-password flow applies.

Two-factor authentication (2FA)

Optional today, available via the 2FA button in the sidebar. Uses TOTP (Google Authenticator, 1Password, etc.). Once enabled, sign-in requires email + password + a 6-digit code from your authenticator app.

Mandatory-2FA-for-owners is on the BACKLOG.

If reset emails aren't arriving

Still stuck? Ask for a demo →