Password and security
Dotwave keeps account security deliberately simple: email and password only, sessions that expire on a fixed schedule, and automatic protection against repeated failed logins. This article explains how to change your password, recover a forgotten one, how long a session lasts, and what happens if too many wrong attempts pile up.
Changing your password
You can update your password whenever you want from inside the app. Open Settings and go to the Security section, then enter a new password and save. Changing your password is a good habit if you have shared a device, suspect someone may have seen your credentials, or simply rotate passwords periodically. Choose something strong — Dotwave stores passwords using industry-standard hashing, so the strength of the password itself is the main thing standing between your account and an attacker.
Resetting a forgotten password
If you cannot remember your password, you do not need to change it from Settings — you reset it from the login screen instead:
Go to app.dotwave.app/login and click Forgot your password?
Submit the address associated with your account.
Check your inbox for the reset email and open the link promptly — it expires soon after it is sent — then set a new password.
How long your session lasts
When you sign in, your session stays active for 24 hours. After that, Dotwave signs you out and you authenticate again with your email and password. This fixed window is a security measure: it limits how long an unattended or forgotten browser session can be used, so a logged-in screen left open overnight will not stay accessible indefinitely. On a longer engagement, plan to sign in roughly once a day.
Brute-force protection
To defend against someone guessing passwords, Dotwave locks an account after multiple failed sign-in attempts. This stops automated tools from cycling through thousands of guesses. If you lock yourself out by mistyping your password too many times, the lock is not permanent — it just needs a human to clear it.
If your account gets locked after too many failed attempts, contact us at hello@dotwave.app to unlock it.
What Dotwave does not use
Dotwave authenticates with email and password only. There is no "Sign in with Google," no single sign-on, and no other OAuth provider — so if you are looking for a social login button, there isn't one by design. Your email and password are the single path into your account, which is why a strong, unique password matters and why the lockout protection above is in place. Keep your credentials safe, and reach out to support if anything about your account access looks wrong.
Dotwave