Authentication

Mimicry uses modern security standards to protect your AI content management dashboard.

First Time Setup

Upon first launch, if no users exist in the database, Mimicry will automatically redirect you to the Setup Wizard to create the primary administrator account.

  • Username: Your identifier for dashboard access.
  • Password: A secure password (minimum 8 characters required).

Security Architecture

Mimicry implements PASETO (Platform-Agnostic Security Tokens) instead of traditional JWTs for enhanced security and fixed-size tokens.

  • Secure Cookies: Tokens are stored in secure, HTTP-only cookies, which keeps them out of reach of page JavaScript and so limits token theft through XSS.
  • Remember Me: Selecting "Remember Me" during login extends your session to 7 days. Standard sessions expire when the browser is closed.
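
A check for the cookie behaviour described above, as an added example that is not part of Mimicry's own code: it audits a Set-Cookie header for the Secure and HttpOnly flags, a PASETO-shaped value, and the session versus 7-day lifetime. The cookie name mimicry_token and the sample headers are constructed assumptions.

```python
import re

SEVEN_DAYS = 7 * 24 * 60 * 60  # documented "Remember Me" lifetime, in seconds
PASETO_PREFIX = re.compile(r"^v[1-4]\.(local|public)\.")  # version.purpose.payload

# Constructed sample headers; "mimicry_token" is a hypothetical cookie name.
REMEMBER_ME = "mimicry_token=v4.local.AAAA-constructed; Max-Age=604800; Path=/; Secure; HttpOnly"
STANDARD = "mimicry_token=v4.local.AAAA-constructed; Path=/; Secure; HttpOnly"
WEAK = "mimicry_token=eyJhbGciOi.constructed.sig; Max-Age=2592000; Path=/"


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, lower-cased attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in filter(None, rest):
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_session_cookie(header, remember_me):
    """Return findings; an empty list means the cookie matches the documented behaviour."""
    _, value, attrs = parse_set_cookie(header)
    findings = []
    if not PASETO_PREFIX.match(value):
        findings.append("value is not a PASETO token")
    if "secure" not in attrs:
        findings.append("missing Secure")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    # Lifetime is judged from Max-Age; an Expires-only cookie counts as persistent.
    persistent = "max-age" in attrs or "expires" in attrs
    max_age = attrs.get("max-age", "")
    if remember_me and not persistent:
        findings.append("Remember Me cookie is not persistent")
    elif remember_me and max_age.isdigit() and int(max_age) > SEVEN_DAYS:
        findings.append("Max-Age exceeds 7 days")
    elif not remember_me and persistent:
        findings.append("standard session cookie survives browser close")
    return findings


if __name__ == "__main__":
    for label, header, remember in [("remember", REMEMBER_ME, True),
                                    ("standard", STANDARD, False),
                                    ("weak", WEAK, True)]:
        print(label, audit_session_cookie(header, remember) or "ok")
```

The cookie lifetime only controls what the browser keeps; the expiry enforced on the token itself is what the backend checks on each request.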

Account Recovery

Mimicry prioritizes privacy and does not include a default email-based "Forgot Password" feature. If you lose access, you can reset any account password directly from the terminal.

CLI Reset Command
python3 run.py --changepassword

* The command targets the "admin" account by default. Use --username for other accounts. If "admin" doesn't exist, it falls back to the first available user.

Session Security

Every time you perform an administrative action, your PASETO token is validated by the backend middleware. If the token is invalid or expired, you will be redirected to the login page immediately.