Frontend
Authentication & Login

Authentication & Login

Overview

The Worksphere system uses a secure two-step authentication process to ensure user account security. Users must log in with their username/password and verify their identity through an OTP (One-Time Password) sent to their registered email.

Login Process

Step 1: Username and Password

Accessing the Login Page

  1. Open your browser and navigate to the Worksphere portal
  2. You'll see the login page with two input fields:
    • Username - Your assigned username
    • Password - Your account password

Entering Credentials

  • Username: Enter your assigned username (case-sensitive)
  • Password: Enter your password (case-sensitive)

CAPTCHA Verification

A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is displayed to verify you are human:

  1. CAPTCHA Types

    • Image-based CAPTCHA: Identify objects, numbers, or letters in images
    • Text-based CAPTCHA: Type the characters shown
    • reCAPTCHA: Click the checkbox to verify

  2. How to Complete CAPTCHA

    • Look at the CAPTCHA challenge displayed
    • Follow the instructions (e.g., "click all traffic lights")
    • Type or select the correct answer
    • If incorrect, click "Try Again" for a new challenge

  3. Accessibility

    • Click the speaker icon for audio CAPTCHA
    • Use keyboard to navigate
    • Request new CAPTCHA if unclear

Login Button

Once CAPTCHA is completed, click the Login button to proceed to the OTP verification step.

Troubleshooting Login Issues

  • Verify CAPS LOCK is off
  • Check that username is spelled correctly
  • Ensure password is correct
  • Complete CAPTCHA correctly
  • Use "Forgot Password" to reset if needed

Account Locked

  • Account locks after 5 failed attempts
  • Wait 15 minutes for automatic unlock
  • Or contact HR to unlock immediately

Login Page Not Loading

  • Clear browser cache (Ctrl+Shift+Delete)
  • Try a different browser
  • Check internet connection

Step 2: OTP Verification

What is OTP?

OTP (One-Time Password) is a 6-digit security code sent to your registered email address. This adds an extra layer of security to your account.

Receiving the OTP

After entering valid credentials:

  1. The system validates your username and password
  2. A 6-digit OTP code is generated
  3. The OTP is sent to your registered email address
  4. You are redirected to the OTP verification page

OTP Email

Email Subject: "Worksphere Login Verification - OTP"

Email Content:

Dear [Your Name],

Your Worksphere login verification code is:

123456

This code will expire in 10 minutes.
Do not share this code with anyone.

If you did not attempt to log in, please contact your HR department immediately.

Regards,
Worksphere System

Entering the OTP

OTP Input Field

  1. You'll see the OTP verification page
  2. Enter the 6-digit code you received in your email
  3. The code is case-insensitive

OTP Timer

  • Validity: OTP is valid for 10 minutes
  • Timer Display: Shows countdown timer on the page
  • After Expiry: Code becomes invalid, request a new one

Verification Process

  1. Enter all 6 digits in the input field
  2. Click Verify OTP button
  3. The system validates the code
  4. Upon successful verification, you are logged in

After Successful OTP Verification

Once OTP is verified successfully:

  1. Your authentication is complete
  2. You are redirected to the Dashboard
  3. Your session is established
  4. You can now access all authorized features

Security Best Practices

Password Management

  1. Strong Password

    • Use combination of uppercase, lowercase, numbers, symbols
    • Minimum 8 characters
    • Avoid dictionary words

  2. Change Password Regularly

    • Change every 90 days
    • Don't reuse recent passwords
    • Use unique passwords for different systems

  3. Keep Password Safe

    • Never share with anyone
    • Don't write it down
    • Don't save in browser (unless on personal device)

OTP Security

  1. OTP is Personal

    • Never share your OTP with anyone
    • Worksphere staff will never ask for your OTP
    • Delete OTP email after login

  2. Don't Keep OTP Screen Open

    • Complete verification immediately
    • Don't leave verification page unattended
    • Log out after use

  3. Suspicious Activity

    • If you receive unexpected OTP, someone may be trying to access your account
    • Change your password immediately
    • Contact HR if issue persists

Device Security

  1. Public Computers

    • Don't use public/shared computers for login
    • Clear cache after use
    • Don't check "Remember Me"

  2. Session Management

    • Always log out when done
    • Don't leave session unattended
    • Session times out after 30 minutes of inactivity

Forgot Password

Reset Your Password

If you forget your password:

  1. Go to Login page
  2. Click Forgot Password link
  3. Enter your registered email
  4. Click Send Reset Link
  5. Check your email for password reset link
  6. Click the link in email
  7. Enter new password
  8. Confirm password
  9. Click Reset Password
  10. Return to login with new password

Password Reset Email

Email Subject: "Worksphere Password Reset Request"

Email Content:

Dear [Your Name],

We received a password reset request for your account.

Click the link below to reset your password:
[Reset Link]

This link will expire in 1 hour.

If you did not request this, please ignore this email.

Regards,
Worksphere System

Two-Factor Authentication (2FA)

Why Two-Factor Authentication?

The combination of password and OTP provides:

  • Enhanced security
  • Protection against unauthorized access
  • Compliance with data protection regulations
  • Peace of mind for sensitive HR data

Authentication Flow Diagram

┌─────────────────┐
│  Login Page     │
│ Username        │
│ Password        │
│ CAPTCHA         │
└────────┬────────┘


┌─────────────────┐
│ Validate User   │
│ Credentials &   │
│ CAPTCHA         │
└────────┬────────┘

    ┌────┴──────┐
    │            │
   ✓            ✗
    │            │
    ▼            ▼
┌─────────┐  ┌──────────┐
│Generate │  │Error: Bad│
│ OTP     │  │Credentials
└────┬────┘  │or CAPTCHA
     │       └──────────┘


┌──────────────────┐
│Send OTP to Email │
└────┬─────────────┘


┌──────────────────┐
│OTP Verification  │
│Enter 6 digits    │
└────┬─────────────┘

    ┌────┴────┐
    │          │
   ✓          ✗
    │          │
    ▼          ▼
┌────────┐  ┌────────┐
│Dashboard│ │Try Again
│         │ │
└────────┘ └────────┘

Common Questions

Q: Why do I need CAPTCHA? A: CAPTCHA protects your account from automated attacks and unauthorized access attempts.

Q: What if I can't solve the CAPTCHA? A: Click "Try Again" or "New CAPTCHA" to get a different challenge. Use the audio option if visual CAPTCHA is difficult.

Q: Why do I need OTP? A: OTP adds an extra layer of security to protect your account and sensitive HR data.

Q: How long is the OTP valid? A: OTP is valid for 10 minutes from when it was sent.

Q: What if I don't receive the OTP email? A: Check spam/junk folder. If not found, request a new OTP. Contact HR if issue persists.

Q: Can I log in without OTP? A: No, OTP verification is mandatory for security compliance.

Q: What if I enter wrong OTP? A: You can try again. After 3 wrong attempts, you'll need to re-enter password.

Q: How do I change my registered email? A: Contact your HR department. Email change requires verification.

Next: Dashboard Overview

IntroductionDashboard Overview