> For the complete documentation index, see [llms.txt](https://docs.ipaware.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.ipaware.io/dashboard/settings.md). # Settings ### Overview The Settings tab provides access to: * Email and password management * Two-factor authentication (2FA) * Passkey registration * Active session management * Account deletion *** ### Account Security #### Changing Your Email Update your account email address: **Steps:** 1. Click **Change Email** 2. Enter your **current password** for verification 3. Enter your **new email address** 4. Click **Update** **What happens:** * Verification email sent to new address * Notification sent to old address * You're signed out automatically * Click link in verification email to confirm * Sign in with new email address > **Security:** You can revert the change using the link in the notification email sent to your old address. #### Changing Your Password Update your account password: **Steps:** 1. Click **Change Password** 2. Enter your **current password** 3. Enter your **new password** (minimum 8 characters) 4. Click **Update** **Password** **Requirements:** * At least 8 characters * Recommended: Mix of uppercase, lowercase, numbers, and symbols * Don't reuse passwords from other services > **Tip:** Use a password manager to generate and store strong passwords. *** ### Two-Factor Authentication (2FA) Add an extra layer of security with time-based one-time passwords (TOTP). #### Enabling 2FA **Requirements:** * Authenticator app (Google Authenticator, Authy, 1Password, etc.) **Steps:** 1. **Start Setup** * Click **Enable 2FA** * A QR code appears 2. **Scan QR Code** * Open your authenticator app * Scan the QR code with your phone * Alternatively, manually enter the secret key shown 3. **Verify Setup** * Enter the 6-digit code from your authenticator app * Click **Verify & Enable** 4. **Save Recovery Codes** * **CRITICAL:** Copy and store your recovery codes securely * Each code can only be used once * You'll need these if you lose access to your authenticator * Click **Done** when saved **Status:** * Badge changes to "ENABLED" (green) * 2FA required for all future logins * Recovery codes stored securely > **Important:** Store recovery codes in a safe place (password manager, secure note). You cannot view them again! #### Using 2FA After enabling, you'll need to provide a code when signing in: 1. Enter email and password 2. Enter 6-digit code from authenticator app 3. Or click **Verify** **Using Recovery Code:** * If you don't have your authenticator, click "Use Recovery Code" * Enter one of your saved recovery codes * Each code works only once #### Disabling 2FA Remove 2FA from your account: **Steps:** 1. Click **Disable** 2. Verify with either: * **TOTP Code:** From your authenticator app * **Recovery Code:** One of your saved codes 3. Click **Disable** **Effects:** * 2FA is removed immediately * Badge changes to "DISABLED" * Only password required for login *** ### Passkeys Use biometric authentication or hardware security keys for passwordless login. #### What are Passkeys? Passkeys use WebAuthn technology to provide: * **Passwordless login:** No password needed * **Phishing-resistant:** Cannot be stolen or phished * **Convenient:** Use fingerprint, Face ID, or security key * **Secure:** Cryptographic keys stored on your device #### Adding a Passkey **Requirements:** * Compatible device (modern phone, laptop, or security key) * Browser with WebAuthn support (Chrome, Safari, Firefox, Edge) **Steps:** 1. **Start Registration** * Click **Add Passkey** * Browser prompts you to create a passkey 2. **Authenticate** * Choose authentication method: * Fingerprint scanner * Face ID * Security key (YubiKey, etc.) * Device PIN * Follow browser prompts 3. **Name Your Passkey** * Enter a friendly name (e.g., "iCloud Keychain", "YubiKey") * Click **Save** 4. **Confirmation** * Passkey appears in the table * Can now be used for login #### Managing Passkeys The passkeys table shows: | Column | Description | | ------------- | ---------------------------- | | **Name** | Your friendly label | | **Created** | Date registered | | **Last Used** | Last login with this passkey | | **Device** | Device type and browser | | **Actions** | Rename and Remove buttons | #### **Renaming a Passkey:** 1. Click **Rename** 2. Enter new name 3. Click **Save** #### **Removing a Passkey:** 1. Click **Remove** 2. Confirm the action 3. Passkey is deleted immediately > **Note:** You can have multiple passkeys for different devices. #### Using Passkeys to Sign In 1. On login page, click **Sign in with a Passkey** 2. Browser prompts you to select a passkey 3. Authenticate (fingerprint, Face ID, etc.) 4. Signed in automatically *** ### Session Management Monitor and control devices logged into your account. #### Active Sessions Table View all active sessions: | Column | Description | | -------------------- | ------------------------------------------------- | | **Device / Browser** | Device type and browser (e.g., "Chrome on macOS") | | **Location** | City and country based on IP | | **Last Active** | Last activity timestamp | | **Status** | Active (green badge) | | **Actions** | Log Out button (or "Current" for your session) | #### Refreshing Sessions Update the session list: * Click **Refresh** button * Table updates with latest activity #### Logging Out a Session Remove access from a specific device: **Steps:** 1. Find the session in the table 2. Click **Log Out** 3. Confirm the action **Effects:** * Device is signed out immediately * Session removed from table * User must sign in again on that device > **Use case:** Log out forgotten sessions, remove access from lost devices, or sign out shared computers. #### Logging Out All Other Sessions Sign out all devices except your current one: **Steps:** 1. Click **Log Out All Other Sessions** 2. Confirm the action **Effects:** * All other devices are signed out * Only your current session remains * Useful after password change or security concern *** ### Account Deletion #### Danger Zone Permanently delete your account and all associated data. **Steps:** 1. Click **Delete Account** 2. Read the warning carefully 3. Enter your **password** to confirm 4. Click **Delete Account** **What gets deleted:** * Your user account * All API keys (deactivated immediately) * Personal settings and preferences * Active sessions **What happens to organization:** * If you're the owner: Must transfer ownership first * If you're a member: Removed from organization * Organization data remains intact > **Warning:** This action is permanent and cannot be undone! **Before deleting:** * Export any data you need * Transfer ownership if you're the owner * Revoke API keys manually if needed * Inform your team *** ### Security Best Practices #### Account Protection **Enable multiple authentication methods:** * Set a strong password * Enable 2FA * Register at least one passkey * Keep recovery codes safe **Regular maintenance:** * Review active sessions weekly * Remove old passkeys from unused devices * Update password every 90 days * Check for suspicious activity #### Session Security **Best practices:** * Always sign out on shared computers * Don't save passwords in public browsers * Use private/incognito mode on untrusted devices * Review session locations for anomalies **Red flags:** * Sessions from unknown locations * Devices you don't recognize * Unusual activity times * Multiple concurrent sessions **If compromised:** 1. Change password immediately 2. Log out all other sessions 3. Enable 2FA if not already enabled 4. Review API keys and revoke suspicious ones 5. Contact support *** ### Troubleshooting #### Can't Change Email **Solutions:** * Verify current password is correct * Ensure new email isn't already in use * Check spam folder for verification email * Wait a few minutes and try again #### 2FA Code Not Working **Common issues:** * **Time sync:** Ensure device time is accurate * **Wrong code:** Code changes every 30 seconds * **Old code:** Generate a new code * **Wrong account:** Verify you're using correct authenticator entry **Solutions:** * Sync your device time * Use a recovery code instead * Contact support if locked out #### Passkey Registration Failed **Possible causes:** * Browser doesn't support WebAuthn * Device doesn't have biometric capability * Security key not connected properly **Solutions:** * Update your browser * Try a different device * Use a hardware security key * Check browser compatibility #### Unknown Session Appears **Immediate actions:** 1. Log out that session 2. Change your password 3. Enable 2FA 4. Review API keys 5. Contact support *** ### Permissions Required Most settings are self-service and don't require special permissions. However: * **View settings:** All users * **Modify own settings:** All users * **Delete account:** Account owner only *** ### Next Steps * Enable 2FA for better security * Add a passkey for convenient login * Review active sessions regularly * Manage API keys for application access --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.ipaware.io/dashboard/settings.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.