Lost password recovery looks like it's going to be an ongoing pain point, and the current recovery process is obscure and not that robust. Look into implementing:

• OTP authentication/recovery

Ref:

• admin password reset
• default auth doesn't work

uhppoted-httpd now includes support for login using an OTP as a convenient alternative to a password (i.e. not TFA). This is somewhat less secure than a password-only system (of necessity, OTP keys are stored in plaintext on the server) so is disabled by default but can be enabled by setting:

httpd.security.otp.login = allow

in uhppoted.conf.

Feature complete - will be released in v0.8.3.