Password reset flow in Firebase - Time & Space Complexity

When users reset their passwords using Firebase, the system makes calls to send reset emails and verify tokens.

We want to understand how the number of these calls grows as more users request password resets.

Analyze the time complexity of the following operation sequence.

const auth = getAuth();

function sendPasswordReset(email) {
  return sendPasswordResetEmail(auth, email);
}

// Later, user clicks link and token is verified
function verifyResetCode(code) {
  return verifyPasswordResetCode(auth, code);
}

This sequence sends a password reset email and then verifies the reset code when the user clicks the link.

Identify the API calls, resource provisioning, data transfers that repeat.

• Primary operation: Sending password reset emails via sendPasswordResetEmail.
• How many times: Once per user request for password reset.
• Secondary operation: Verifying reset codes via verifyPasswordResetCode, once per user clicking the reset link.

Each password reset request triggers one email send operation.

Input Size (n)	Approx. Api Calls/Operations
10	10 email sends
100	100 email sends
1000	1000 email sends

Pattern observation: The number of email sends grows directly with the number of reset requests.

Time Complexity: O(n)

This means the time and resources needed grow in direct proportion to the number of password reset requests.

[X] Wrong: "Sending one password reset email handles multiple users at once, so time stays the same regardless of requests."

[OK] Correct: Each user needs their own reset email, so the system must send one email per request, increasing work as requests grow.

Understanding how user-triggered operations scale helps you design systems that handle growth smoothly and predict resource needs.

"What if the system batched password reset emails to send them all at once? How would the time complexity change?"