BitFolk password reset

From BitFolk
Jump to: navigation, search

Many BitFolk services require authentication, and use a set of credentials independent of your VPS. These are your BitFolk account credentials. This article covers how to reset the password for this account.

Your user/account name

Your user name or account name is the name chosen (usually by BitFolk) when your account was created. It appears in the email that you are sent upon account creation, and can normally also be found in the file /root/PASSWORDS.

Resetting your password

By default, you can trigger a password reset by following the "Forgotten password?" link on the login page of the BitFolk Panel.

Warning Warning: This is for your BitFolk account, not for the user passwords on your VPS. BitFolk has no access to the passwords of accounts on your VPS.

The form will ask you for your user name. This is all lower case. Once you successfully enter the user name of an existing account, an email will be sent to the email address on record for that account. This email will contain a link with a token in it which resets the account password to a random string.

Forgotten your user name too? Email address only accessible from your (dead) VPS? Reset email not showing up?

If you've also forgotten your user name or there's some other calamity that prevents this working then you'll need to contact BitFolk support by email. If your VPS is down and you haven't had a response from support for half an hour or so, it's acceptable to send a text message to the emergency contact number.

Isn't this incredibly insecure?

By default, someone who:

  • knows your user name, and;
  • can read your email

can reset your BitFolk account password. They would then be able to log in to the Xen Shell and wipe your VPS's disks, for example.

If you consider that an unacceptable risk then you can disable email reset from the "Security" section of the Panel. If you then ever forget your account password you will need to contact support to have it reset. Support will likely demand rigorous proof of your identity, which might take a long time.