# Init commit 👋

By [Forgot password (again.)](https://paragraph.com/@forgot-password-again) · 2024-11-05

---

### Knock knock.. you there?

This is a test post broadcasting the genesis of this account on **Mirror.xyz**. “Forgot password (again.)” is the official account name, drawn from the author’s realization that forgetting a password is the most common thing that happens to everyone. Literally everyone, including your parents, when they try to log in to their Google account or any other application.

A little story
--------------

One day, Bob tried to log in to one of his most used applications. But oops, he got logged out.

![Sorry, you must sign in again](https://storage.googleapis.com/papyrus_images/2bf6a383f77441201cfa1c6457742d342c71dbe8b18742fd96523bc85b340bd5.png)


This did not appear to be a big deal, until he found that he had forgotten his password! All this time he had been using the app daily without ever being prompted to re-authenticate. But alas, that day was just unlucky for Bob. He did not stop there. Here is the rest of the story:

1.  Clicked ‘Forgot password’ and entered his email.
    
2.  The screen told him to check his email for a one-time password (OTP); he waited for 10 minutes but did not receive one.
    
3.  Clicked ‘Resend OTP’ and finally got one.
    
4.  Successfully verified the OTP, and was then prompted to set a new password.
    
5.  An error occurred saying the new password cannot be the same as any of the last ten passwords.
    
6.  Thought hard and was finally able to set a fresh new password.
    
7.  The system prompted ‘Stay signed in?’
    

And it was a no-brainer for Bob to opt in to have the application remember his login session for as long as it could. He totally hated this experience and wished that he would never have to deal with any password-related stuff again. But you guessed it, a few weeks later, the cycle repeated.

You might have been in Bob’s shoes before, and this probably sounds familiar to you. Many users do not notice, because they simply do not care, but there are actually a lot of things to unpack here. Users do not really care because they just want to access that particular application to get work done. They get frustrated in the above situation, wondering how the application could be so unintelligent: they have literally been logging in successfully all this time, on that same device, and it suddenly decides to be uncooperative on that unlucky day. However, from the application’s perspective, there are a number of components to look at depending on the policies configured, including but not limited to:

*   How can the user log in? Is single-factor or multi-factor authentication required?
    
*   How can the user recover the lost factor(s)? What if all required factors are lost?
    
*   How long can the user stay inside the application without re-authentication?
    
*   etc.
    

As you go down the rabbit hole, you are entering the world of identity and access management (IAM).

![image source: strongdm.com](https://storage.googleapis.com/papyrus_images/de3feaa919b059f1940ad1793bf313c1142e9934a159b4169312b37d27bb88cb.png)


What is this?
-------------

In “Forgot password (again.)”, we are going to cover things related to authentication and authorization in the digital space. The upcoming series ranges from beginner to more advanced topics. At first, it may look like a niche, uninteresting, and complex field. But hopefully, with simplified explanations, it will be easy to digest for readers of all levels, drawing interest in delving into the tidbits of IAM. Now almost everyone has at least one digital identity, and has at least a few occasions to log in to some applications. This is not rocket science, but knowledge that should be made common to the world at large.

---

*Originally published on [Forgot password (again.)](https://paragraph.com/@forgot-password-again/init-commit)*
