Sign In Hoggit

Sign in



Signing into the Hoggit platform is a straightforward process designed to provide users with quick and secure access to their accounts, whether they are using the web interface or one of the mobile applications. The sign‑in experience prioritizes both usability and security, ensuring that your data remains protected while keeping the login flow as frictionless as possible.



---




1. Accessing the Sign‑In Page




Web Browser: Navigate to the Hoggit homepage and click on the "Sign in" button located in the upper right corner of the page. This will redirect you to the dedicated sign‑in screen.


Mobile App: Open the Hoggit app from your device’s home screen. On the welcome screen, tap the "Log In" option to reach the authentication form.







2. Entering Credentials



Email and Password

The standard login method requires:




Your registered email address (case‑insensitive).


The password you chose during account creation or that was last set via a password reset.




Remember me: If you wish to stay logged in across sessions, check the "Keep me signed in" checkbox on the web version or toggle the corresponding switch on mobile.





Two‑Factor Authentication (2FA)

If 2FA is enabled:




After submitting your email and password, a verification prompt will appear.


Enter the code generated by your authenticator app (e.g., Google Authenticator) or received via SMS.



Troubleshooting Tips:


Ensure the NTP clock on your device is correct; an incorrect system time can invalidate 2FA codes.


Clear browser cache if you’re stuck in a login loop.


Disable any VPNs that might alter your perceived IP address; this could trigger additional verification steps.







4. Password Reset Workflow


Below is a step‑by‑step guide to resetting a forgotten password, including handling of edge cases such as expired or revoked reset tokens.





Initiate Reset Request


- Navigate to the login page and click "Forgot password?"
- Enter your registered email address; the system verifies that it belongs to an active account.
- If the email is not found, display a generic success message ("If this email is associated with an account, you’ll receive instructions") to avoid enumeration attacks.





Generate Secure Token


- Create a cryptographically random token (≥ 32 bytes) and encode in URL‑safe base64.
- Store the token hashed (e.g., SHA‑256) along with:
- User ID
- Expiration timestamp (15 minutes from now)
- "Used" flag set to false





Send Email


- Construct a single-use link: `https://example.com/reset?token=TOKEN`.
- Use a reputable email service; include subject, body, and clear instructions.
- Avoid revealing user identifiers in the URL or email.





User Clicks Link


- Verify token:
- Hash incoming token and look up hashed value in DB
- Check expiration
- Ensure "used" flag is false
- If valid, present password reset form; else show error.





Password Reset Form Submission


- Validate new password strength.
- Update user’s password hash in DB.
- Set token’s "used" flag to true or delete the token record.
- Optionally send confirmation email.





Security Measures


- Rate limit login attempts and token requests.
- Use HTTPS everywhere; enforce HSTS.
- Store passwords with a strong algorithm (bcrypt/scrypt/argon2).
- Log relevant events for monitoring.



This workflow ensures that only users who can prove possession of the account’s email address can change the password, while protecting against brute‑force and replay attacks.

Gender: Female

Social links