
Technical Bug Report To: Sulman Choudhry, Head of Engineering – ChatGPT, OpenAI


📨 Technical Bug Report

To: Sulman Choudhry, Head of Engineering – ChatGPT, OpenAI

From: Michail Kiričkov

Subject: Login Flow Deficiencies in Email‑Password Authentication (Mobile & Web)

1. Missing “Forgot Password” option

  • Issue: For users registered via email (not Google/Microsoft), the Forgot Password link is not available on the login page.
  • Impact: Users who have not set or cannot recall a password are locked out permanently, unable to reset credentials or regain access.

2. Biometric login does not complete session on mobile

  • Issue: On mobile (Firefox/Android/iOS), after entering email and triggering fingerprint authentication, the login fails to complete. The app/browser returns to the login page without errors.
  • Impact: Even with correct credentials and successful fingerprint scan, users cannot log in—the session doesn’t initiate, making the app unusable.

🔍 Summary of Impact

| Affected Users | Issue | Result |
|---|---|---|
| Email‑registered users | No recovery option | Permanent lockout |
| Mobile biometric users | Fingerprint fails | Can't log in at all |

These are critical usability blockers—especially for privacy-minded users avoiding social login.

✅ Suggested Fixes

  1. Re-enable “Forgot Password” link for all email-based accounts.
  2. Investigate mobile login flow:
     • Check session handling post-biometric auth.
     • Ensure session cookie/token is set before redirect.
  3. Add automated tests covering:
     • Password reset flow for email sign-ups
     • Biometric login success path on mobile devices

Please escalate to the authentication/devops team—these are showstopping issues for secure, independent login flows. Happy to assist with logs or user tracebacks.

Thank you,

Michail Kiričkov
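
The check suggested above ("ensure session cookie/token is set before redirect") can be automated over captured HTTP responses. The following is an added example, not part of the report and not OpenAI's code; the cookie name `session`, the path `/login` and the sample flows are assumptions constructed for illustration.

```python
from http.cookies import SimpleCookie

SESSION_COOKIE = "session"   # assumed cookie name, not from the report
LOGIN_PATH = "/login"        # assumed login page path

def audit_login_flow(responses):
    """Audit (status, headers) pairs captured after the biometric step.

    headers is a list of (name, value) tuples so that repeated
    Set-Cookie headers survive. Returns a list of findings; an empty
    list means the session existed before the client was redirected.
    """
    findings = []
    has_session = False
    for i, (status, headers) in enumerate(responses):
        location = None
        for name, value in headers:
            lname = name.lower()
            if lname == "set-cookie":
                jar = SimpleCookie()
                jar.load(value)
                morsel = jar.get(SESSION_COOKIE)
                if morsel is not None:
                    # An empty value or Max-Age=0 clears the cookie.
                    cleared = morsel.value == "" or morsel["max-age"] == "0"
                    has_session = not cleared
            elif lname == "location":
                location = value
        if 300 <= status < 400 and location is not None:
            if not has_session:
                findings.append(
                    f"step {i}: redirect to {location} before session cookie was set")
            if location.split("?")[0] == LOGIN_PATH:
                findings.append(f"step {i}: bounced back to login page")
    if not has_session:
        findings.append("flow ended without a session cookie")
    return findings

# Constructed sample flows (not real traffic).
BROKEN_FLOW = [(302, [("Location", "/login")])]
FIXED_FLOW = [(302, [
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"),
    ("Location", "/"),
])]
LATE_COOKIE_FLOW = [(302, [("Location", "/home")]),
                    (200, [("Set-Cookie", "session=abc123; Path=/; HttpOnly")])]
```
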