Login & Security
Logging In
After verifying your email, you can log in to your account at any time.
- Go to the login page
- Enter your email and password
- Click the Log In button
- You will be redirected to your dashboard
Login with Google
If you signed up with Google, click the Log in with Google button on the login page.
Login rate limits
To protect accounts from brute-force attacks, the system limits login attempts: a maximum of 10 per 10 minutes per IP address and 5 per 15 minutes per email. If you exceed the limit, you will be temporarily locked out.
Forgot Password
- Go to the forgot password page
- Enter your registered email address
- Check your inbox and click the password reset link
- Enter a new password (minimum 8 characters)
- After resetting, all current login sessions will be revoked
Password reset links are valid for 1 hour. If a link expires, request a new one.
Session Management
Each login creates a separate session. The system uses JWT tokens for authentication. You can manage your sessions in your account settings.
Log Out
Click the Log Out button in the top-right corner of your dashboard to end the current session.
Account Security Tips
- Use a strong password: at least 12 characters, combining uppercase, lowercase, numbers, and special characters
- Do not reuse passwords from other services
- Never share your password with anyone
- Log out when using shared devices
- Review your account activity regularly
- Enable two-factor authentication when available (coming soon)
If you suspect your account has been compromised, reset your password immediately and contact [email protected].
System Security
HaMi Code Việt applies multiple layers of security to protect your account:
- Passwords are hashed using PBKDF2 with the Web Crypto API
- Session tokens use JWT HMAC-SHA256
- Request rate limiting via Cloudflare Durable Objects
- Strict HTTP security headers (CSP, HSTS, X-Frame-Options)
- Automated token leak scanning in system logs