Password reset
Recover a forgotten password using a 6-digit code sent to your email.
What this means
You can reset your password from the sign-in page. Bilbis emails you a 6-digit code, you type the code into the reset page, and you set a new password.
There are two pages in the flow:
- Forgot password - type your email. Bilbis sends a code.
- Reset password - type the code and a new password. The new password takes effect immediately.
When to use it
- You forgot your password.
- A teammate told you they reset your account (legacy admin flow - see Invitations instead if it was an invite).
- You suspect your password is compromised and want to set a new one before signing in.
Before you start
- You need access to the email address on your account.
- The reset code expires shortly after it's sent. Use it the same session.
- Bilbis may rate-limit repeated requests from the same address.
Steps
1. Open the forgot-password page
From sign-in, click Forgot password? under the password field. Or go directly to /forgot-password.
2. Submit your email
Type the email associated with your account. Click Send reset code.
The page switches to a "Check your email" message. Bilbis sends the code only if an account exists for that email - for security, the page doesn't tell you whether it does.
3. Open the reset-password page
Click the Enter reset code button on the confirmation screen, or open /reset-password directly. If the URL has an ?email= parameter, the email field prefills.
4. Fill in the form
| Field | What it means |
|---|---|
| The email you requested the code for. Prefilled from the URL when the link in the email is clicked. | |
| 6-digit code | The code from the email. |
| New password | At least 12 characters. |
| Confirm new password | Must match. |
Click Update password.
5. Sign in with the new password
The page shows a "Password updated" toast and sends you back to sign-in. Use your new password from there.
What happens after
- Your old password stops working.
- If MFA was enabled on the account, it stays enabled. You'll still need a second factor at sign-in.
- Sessions on other devices are not automatically invalidated by this flow alone - your operator may have additional behavior here. Check Settings → Security for active sessions when that surface lands.
Errors you might see
| Message | What it means |
|---|---|
| "That code isn't valid or has expired. Request a new one." | The code is wrong, or it expired. Use Send a new one at the bottom of the form. |
| "This code expired. Request a new one." | The code is older than the window allows. Use Send a new one. |
| "Too many attempts. Try again later." | Rate limit. Wait a few minutes. |
| "No account exists for that email." | On the forgot-password form. Bilbis does confirm this case here. Double-check the address. |
Permissions
| Action | Who can do it |
|---|---|
| Request a reset code | Anyone - for any email. |
| Use a code to set a new password | Anyone with both the email and the code. |
Problems and fixes
| Problem | What to check |
|---|---|
| The reset email never arrived. | Check spam. Make sure the address you typed is the one on your account. Try Send a new one. |
| "That code isn't valid or has expired." | Codes are short-lived. Use the most recent email's code. If you reused an old code, request a fresh one. |
| The password update succeeded but sign-in still rejects me. | Make sure caps lock is off. Try the new password fresh. If the new password still fails, request another code and set it again. |
| I don't have access to the email anymore. | Bilbis can't reset without email access. Contact your admin to update the email or recreate the account. |
| I got "Too many attempts." | Wait a few minutes. Don't click submit repeatedly - that's what triggers the limit. |
Related pages
- Sign in and register - sign in with the new password.
- Multi-factor authentication - second factor still applies after a reset.
- Email verification - different flow, same email address.