Authentication

Mimicry uses modern security standards to protect your AI content management dashboard.

First Time Setup

Upon first launch, if no users exist in the database, Mimicry will automatically redirect you to the Setup Wizard to create the primary administrator account.

  • Username: Your identifier for dashboard access.
  • Password: A secure password (minimum 8 characters required).

Security Architecture

Mimicry implements PASETO (Platform-Agnostic Security Tokens) instead of traditional JWTs for enhanced security and fixed-size tokens.

  • Secure Cookies: Tokens are stored in secure, HTTP-only cookies, which keeps them out of reach of page scripts and so protects them from theft through XSS.
  • Remember Me: Selecting "Remember Me" during login extends your session to 7 days. Standard sessions expire when the browser is closed.
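
To check a self-hosted instance against the cookie behaviour described above, the following added example (not part of Mimicry's own code) audits a `Set-Cookie` header value for the Secure and HttpOnly attributes and for the documented lifetimes. The cookie name `session`, the token value, and the sample headers are constructed placeholders.

```python
from http.cookies import SimpleCookie

REMEMBER_ME_SECONDS = 7 * 24 * 60 * 60  # the 7-day "Remember Me" lifetime from the docs

# Constructed sample Set-Cookie values; cookie name and token are placeholders.
REMEMBERED = "session=CONSTRUCTED_TOKEN; Path=/; HttpOnly; Secure; Max-Age=604800"
STANDARD = "session=CONSTRUCTED_TOKEN; Path=/; HttpOnly; Secure"
WEAK = "session=CONSTRUCTED_TOKEN; Path=/; Max-Age=2592000"


def audit_session_cookie(set_cookie_value, remember_me):
    """Return findings for one Set-Cookie value; an empty list means it matches the docs."""
    jar = SimpleCookie()
    jar.load(set_cookie_value)
    if not jar:
        return ["no cookie could be parsed from the header value"]
    findings = []
    for name, morsel in jar.items():
        if not morsel["secure"]:
            findings.append(f"{name}: no Secure attribute, cookie may be sent over plain HTTP")
        if not morsel["httponly"]:
            findings.append(f"{name}: no HttpOnly attribute, page scripts can read the token")
        max_age, expires = morsel["max-age"], morsel["expires"]
        if not remember_me:
            # A standard session must be a session cookie: no Max-Age, no Expires.
            if max_age or expires:
                findings.append(f"{name}: persistent cookie issued for a standard session")
        elif not (max_age or expires):
            findings.append(f"{name}: Remember Me cookie has no lifetime and ends with the browser")
        elif max_age and not max_age.isdigit():
            findings.append(f"{name}: Max-Age is not a non-negative integer: {max_age!r}")
        elif max_age and int(max_age) > REMEMBER_ME_SECONDS:
            findings.append(f"{name}: Max-Age {max_age}s exceeds the documented 7 days")
        # An Expires-only lifetime is accepted here without checking the date.
    return findings


if __name__ == "__main__":
    for label, header, remember in [("remembered", REMEMBERED, True),
                                    ("standard", STANDARD, False),
                                    ("weak", WEAK, False)]:
        print(label, audit_session_cookie(header, remember) or "OK")
```

Feed it the `Set-Cookie` value captured from a login response, once with "Remember Me" selected and once without.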

Account Recovery

Since Mimicry is self-hosted and prioritizes privacy, there is no default email-based "Forgot Password" feature. To reset an admin account, you must have shell access to the host machine to modify the database or use the CLI tools.

Session Security

Every time you perform an administrative action, your PASETO token is validated by the backend middleware. If the token is invalid or expired, you will be redirected to the login page immediately.