TaxItEasyTaxItEasy
Sign in Get started — free
Browse the knowledge base

I can't sign in / password reset

all Updated Thu May 21 2026 00:00:00 GMT+0000 (Coordinated Universal Time)

Forgot password? Click Forgot password on the login page, get a reset link (1 hour valid) emailed to you, set a new password. 2FA blocking? Use a recovery code. Both failing? Write to [email protected] from the email address on the account — we reset 2FA after identity verification in 1–3 working days.

When to read this article

You can't get into your account. This article walks through the common causes (password forgotten, lockout, 2FA, Google-sign-in confusion) and the recovery paths for each. For the related 2FA-specific recovery, see how to use 2FA recovery codes. For the original 2FA setup, see enable 2FA. For Google sign-in mechanics, see using Sign in with Google.

"My password isn't working"

A few quick checks before the recovery flow:

  1. Caps Lock. Easy to miss. Try once more with deliberate input.
  2. Right email address. It happens — some users have multiple emails and don't remember which one the account is on.
  3. Recently changed password. If you set a new password via the reset flow but the old one is in your password manager's autofill, the manager might be filling the old one. Manually re-enter.

If the basics check out:

Forgot password — the reset flow

  1. On the login page, click Forgot password. The text "Forgot password" link is below the password field.
  2. Enter your email address. We send a reset link (valid 1 hour) to that email.
  3. Click the link. It takes you to a "Set new password" screen.
  4. Type a long, strong password. The form rejects weak ones (under 10 characters, only-numbers, top-1000 dictionary words).
  5. Click Save. You're signed in with the new password.

Reset email didn't arrive

  • Check spam. Sender is [email protected]. About 1 in 30 reset emails land in spam (or your provider's "Promotions" tab in Gmail).
  • Right email. Did you type the address you actually signed up with? The reset flow doesn't tell you whether an address has an account (silent on purpose — confirming addresses exist would be a privacy leak); if you got the email wrong, you'll silently get nothing.
  • 5-minute window. Reset emails sometimes take 1–2 minutes to deliver. Wait 5 before requesting another. Multiple requests in a row throttle.
  • Address that was never registered. If the address doesn't have an account, no email is sent. Try a different address you might have used.

Reset link doesn't work

  • Link expired (>1 hour old). Request a new one.
  • Link already used. Each link works once. Request a new one.
  • Link broken across email line-wraps. Some email clients break long URLs in plain-text mode. Copy the full URL from the email source (or view the HTML version), paste into the browser.
  • Link's host doesn't match login host. The reset link should point to app.taxiteasy.org. If it's pointing elsewhere, something is wrong (phishing risk — don't click).

"I'm locked out after too many failed attempts"

Brute-force protection: 5 failed attempts in 15 minutes triggers a temporary lockout on your account.

  • Wait 15 minutes, the lockout lifts automatically.
  • During the lockout, password-reset still works — the reset link bypasses the lockout. So if you're locked out and don't remember the right password, click Forgot password, get a reset link, set a new one, sign in.
  • The lockout is per-account, not per-IP — switching networks doesn't unlock.

The 5-attempts threshold is calibrated to absorb fat-fingering without false-locking legitimate users while keeping brute-force attempts unproductive. If you find yourself hitting it often, your password is probably one you can't remember reliably; use the reset flow to set one you actually know.

"Password works but 2FA prompt is blocking me"

Two paths into your account from the 2FA prompt: the 6-digit code, or a recovery code.

Using the 6-digit code

  • Open your authenticator app (Google Authenticator, 1Password, Authy, Microsoft Authenticator, iCloud Keychain). Find the TaxItEasy entry; the current 6-digit code is displayed.
  • Codes rotate every 30 seconds. Enter the code currently showing.

Code rejected despite looking right

Most common: phone clock drift. TOTP codes are time-based; even 30 seconds of clock drift causes failures. Fix: turn on automatic date/time on your phone (Settings → Date & Time → Set Automatically on iOS; similar on Android), wait 10 seconds, try a fresh code.

Less common: you've paired your authenticator with the wrong TaxItEasy account (if you have multiple accounts on different emails). Check the label on the authenticator entry — it should match your account email.

Don't have access to the authenticator

Use a recovery code. On the 2FA prompt, click Use a recovery code instead, enter one of the 8 codes you saved when setting up 2FA. Single-use codes. See how to use 2FA recovery codes for the full flow.

No recovery codes saved + no authenticator

Write to [email protected] from the email address on the account. We verify identity (account creation date, recent activity, billing details, last invoice / document uploaded) and reset 2FA on our side. SLA: 1–3 working days. There's no automated bypass; the manual verification is the security backstop.

"I forgot which email address I used"

We can't tell you over support which email is on file — that would be a privacy hole (we'd be confirming whether arbitrary email addresses have accounts). Try every address you might have used: work, personal, that-one-old-Gmail.

The password-reset flow doesn't help here — it's silent about whether an email is registered (on purpose, same privacy principle).

If your account has billing history (you paid for a plan), search your email inbox for:

  • [email protected] and taxiteasy together — Stripe invoices show the account email in the receipt
  • [email protected] — past notifications include the account email in the body or footer
  • welcome to taxiteasy — the signup-confirmation email mentions which address signed up

If you genuinely cannot find any record, write to [email protected] describing what you can prove (last 4 of card, approximate signup date, approximate payment amount). We can sometimes identify the account from billing-side records.

Edge cases

My account got deleted but I want to come back. If it's within the 30-day grace period after deletion, click Restore my account in the deletion-confirmation email (sent at the moment of deletion). After 30 days, the encryption key is destroyed and your data is cryptographically shredded — you'd need to sign up fresh, and there's no way to recover the prior data. See delete your account and export your data.

I think my account was hacked — my password works but I see activity I didn't do. Immediate response:

  1. Open Settings → Audit log. Look for the suspicious entries — often from an IP you don't recognise, or at times you weren't using the app.
  2. Change password immediately (Settings → Account → Password).
  3. Revoke all sessions (Settings → Account → Active sessions → Revoke all). This signs out every other device.
  4. Enable 2FA if you don't have it. See enable 2FA.
  5. Write to [email protected] with what you found. Include the suspicious audit-log timestamps. We investigate suspected unauthorised access seriously.

My company's IT blocks taxiteasy.org. Ask them to allow *.taxiteasy.org. The site is GDPR-compliant, EU-hosted, and on most corporate-friendly-app lists. If they need a justification document, the /security.html page covers our security posture in detail.

Sign-in works on my desktop but not on mobile. Common causes: outdated browser on mobile (Safari pre-15 on old iPads, very old Chrome on Android), aggressive privacy mode (Brave Shields Up, Tor Browser), or your mobile is on a network with a captive portal that hasn't been satisfied. Try a different browser or an incognito window. Verify mobile date/time is correct (TOTP relies on it).

I have multiple TaxItEasy accounts on different emails — can I merge them? Not currently. Each account is a separate user. If you signed up twice and have data in both, the only path is to export from one (Settings → Account → Export my data) and import to the other — but TaxItEasy doesn't have an import flow for user-supplied JSON yet. For practical merging, write to [email protected] with both emails; we can sometimes do server-side merges as a one-off.

I can sign in on desktop but the 2FA code is rejected from mobile. Both devices should produce identical codes if paired with the same secret. If they don't, one of them has clock drift, or you've paired two different secrets (you set up 2FA twice somehow). Disable 2FA, re-enable, scan into both at the same time — both will then generate the same codes.

Google sign-in shows my email doesn't match an account. Different article — see using Sign in with Google. Usually an email-alias issue.

My session was working fine, suddenly I'm signed out everywhere. Two causes: a Revoke all sessions was clicked from somewhere (yours or via a security event), or your account password was changed (which auto-revokes all sessions). Check Settings → Audit log for the trigger. Sign in fresh; if you didn't change your password and don't recognise the revoke, treat as suspected unauthorised access.

Related

Didn't answer your question? Write to [email protected] · the AI chat in the bottom-right corner answers most common questions.