Password Reset Errors
| When to use this page | Resolving common errors when resetting a password |
|---|---|
| Who can use this page | PSL2 ABS CPSET |
| Main Index | Overview |
|---|---|
| Issue Investigation |
Overview
| This article addresses common errors users may encounter while resetting their Canva password. It covers typical issues such as not receiving the password reset email, entering incorrect information, and problems related to case sensitivity. The article provides troubleshooting tips and solutions to help users effectively resolve these errors and successfully reset their passwords. |
Issue Investigation
CONCERN 1: Did not receive the password reset email
|
More information here Possible Reasons: - The email was sent to the correct email address but was sorted to a different folder like Spam or the Promotions folder if they are using Gmail. - The email was sent to the wrong address. - The password reset link expires in 24 hours, and the code expires in 10 minutes. If the link expires, you'll need to request a new one. |
| ACTION: Follow the steps outlined in the User is not receiving account-related (transactional) emails article. |
CONCERN 2: Unable to receive the password reset email/code because they no longer have access to the email linked to their Canva account
|
More information here Possible Reasons: - Typo in the email address when signing up - They used a work email to sign up for Canva and have since left the company - The user signed up with a mock email address - The user has forgotten what email address and password they used to sign up |
| ACTION: Verify the account ownership. Refer to the Account Verification Process (AVP) article. |
CONCERN 3: Unauthorized password reset
|
More information here Sometimes, users report receiving a password reset email without having requested it. Possible reasons: - Someone may have tried to access your Canva account but accidentally typed in the wrong email address or username, which often happens with popular names or words. - The account might also have been accessed on a different computer or device, where the browser automatically filled in the email address field. |
| ACTION: Refer to the Unauthorized Account Changes article. |
CONCERN 4: User is asking about the compromised password email they received from us
|
More information here Users with compromised passwords might contact us because they received an email from Canva to reset their password. - The Account Integrity team won't send mass emails when a password is compromised. Instead, they will mark users as high-risk only if they find a new record of a Canva account with a compromised email and password. - An email to reset the password will be sent only when the user logs in next. If the user doesn't log in, they won’t receive an email. - If a user gets a reset email and changes their password, they won’t get another reset email for at least a month, even if more compromised records are found during that time. For more information, see Compromised Password Email Notifications from the Account Integrity Team. |
| ACTION: Educate the user why they received an email notification that their password was compromised. Send the macro below. MACRO: Compromised password email notification STATUS: Solved |
Related compromised password FAQs
| FAQ | ANSWER/GUIDE |
|---|---|
| Does this impact passwordless accounts? | ANSWER: No. Credential records in this feature refer to an email + password combination, so if an account does not have a password attached (which is the default for all new accounts post-2022), they will not be impacted by this feature. MACRO: Passwordless accounts STATUS: Solved |
| How do we ensure resetting the password secures our Canva user's account? | ANSWER: To reset your password, you'll need a six-digit OTP sent to your email, ensuring that unauthorized access requires email access as well. If a suspicious login attempt is blocked, the password is reset as a precaution, and once reset, you won't need to do it again for future logins. MACRO: Securing a Canva account through password reset STATUS: Solved |
| Why wait for the next login? Why not reset the password and notify the account owner immediately when a credential record is detected? | ANSWER: By waiting for the next login attempt, we can ensure that we are addressing potential security issues with minimal disruption and greater accuracy. MACRO: Why wait for the next login to reset passwords? STATUS: Solved |
| Could an account be repeatedly flagged as at-risk? | ANSWER: Yes. MACRO: Handling repeatedly flagged accounts STATUS: Solved |
| Why does the notification not explain in detail what we’ve found? | ANSWER: This is a precautionary measure, not based on actual risky activity. We wanted to make it clear that it’s just a safety step to avoid causing unnecessary alarm. MACRO: Notifications don't include detailed findings STATUS: Solved |
| How many users will be impacted by this? | This is a dynamic figure that will continue to fluctuate, but at this stage, we are expecting ~1000 password resets a week. MACRO: Number of impacted users STATUS: Solved |
CONCERN 5: User is having trouble logging in after a password reset
|
More information here Possible Reasons: If there are too many failed login attempts, the account gets locked. After 6 incorrect tries, you’ll need to wait at least 10 minutes before trying again. |
| ACTION: Reply to the user using the macro below. MACRO: Can't login after a password reset STATUS: Solved |
CONCERN 6: “No account with that email here” error when resetting the password
|
More information here Entering an email address that's not registered in Canva will result in the following error message: |
| ACTION: Reply to the user using the macro below. MACRO: Account does not exist STATUS: Solved |
CONCERN 7: Trying to reset an SSO-enabled account and getting an error
|
More information here Error Reason: Accounts using Single Sign-On (SSO) don’t have passwords on our platform because their security is managed by their SSO provider. If a user tries to reset their password, either by themselves or through our support team, it will result in an error. Next Steps: Ask the user to contact their company, school, or university’s IT department for help with SSO. We can only help with disabling SSO if it’s needed to change the account’s email address to a different email within the same domain. |
| ACTION: Inform the user that SSO-enabled accounts don't have a password. Resetting their password should be done by their SSO providers. MACRO: Can't reset a password of SSO-enabled accounts STATUS: Solved |
CONCERN 8: Trying to reset the password of an Orphaned account
|
More information here What is an Orphaned account? These are accounts with no Brands. This error message can appear when a user tries to log in to an orphaned account. The error itself won’t specify this, but you can tell it’s an orphaned account if you check the CHT Portal and see that there are no brands associated with it. |
|
ACTION: 1. Inform the user that their account is Orphaned and offer to delete the account and create a new one but they would need to wait 14 days before they can create a new account using the same email address. MACRO: Resetting a password of an orphaned account STATUS: Pending 2. Once the user replies, refer to the guide below: |
USER’S RESPONSE
| User Response | Guide |
|---|---|
| User agreed to delete the account and wait 14 days before creating a new one | Transfer the ticket to HSS. Follow the transferring and escalating tickets guidelines. |
| User asks if there’s a workaround so they can use the same email right away without deleting the account: | 1. Advise the user that we can change the email address of their current account to a different email address, but we need to conduct account verification. MACRO: Prefer not to wait 14 days to create a new account STATUS: Pending 2. Once the user responds with information, verify the information following the Step 2 of the Account verification process. |
| User declines deleting the account and doing the account verification | Escalate the ticket to the CPSET for further assistance. Follow the CPS escalation process. |
Comments
0 comments
Please sign in to leave a comment.