Settings
Manage your account security, authentication methods, and active sessions from the Settings tab.
Overview
The Settings tab provides access to:
Email and password management
Two-factor authentication (2FA)
Passkey registration
Active session management
Account deletion
Account Security
Changing Your Email
Update your account email address:
Steps:
Click Change Email
Enter your current password for verification
Enter your new email address
Click Update
What happens:
Verification email sent to new address
Notification sent to old address
You're signed out automatically
Click link in verification email to confirm
Sign in with new email address
Security: You can revert the change using the link in the notification email sent to your old address.
Changing Your Password
Update your account password:
Steps:
Click Change Password
Enter your current password
Enter your new password (minimum 8 characters)
Click Update Password
Requirements:
At least 8 characters
Recommended: Mix of uppercase, lowercase, numbers, and symbols
Don't reuse passwords from other services
Tip: Use a password manager to generate and store strong passwords.
Two-Factor Authentication (2FA)
Add an extra layer of security with time-based one-time passwords (TOTP).
Enabling 2FA
Requirements:
Authenticator app (Google Authenticator, Authy, 1Password, etc.)
Steps:
Start Setup
Click Enable 2FA
A QR code appears
Scan QR Code
Open your authenticator app
Scan the QR code with your phone
Alternatively, manually enter the secret key shown
Verify Setup
Enter the 6-digit code from your authenticator app
Click Verify & Enable
Save Recovery Codes
CRITICAL: Copy and store your recovery codes securely
Each code can only be used once
You'll need these if you lose access to your authenticator
Click Done when saved
Status:
Badge changes to "ENABLED" (green)
2FA required for all future logins
Recovery codes stored securely
Important: Store recovery codes in a safe place (password manager, secure note). You cannot view them again!
Using 2FA
After enabling, you'll need to provide a code when signing in:
Enter email and password
Enter 6-digit code from authenticator app
Or click Verify Using Recovery Code:
If you don't have your authenticator, click "Use Recovery Code"
Enter one of your saved recovery codes
Each code works only once
Disabling 2FA
Remove 2FA from your account:
Steps:
Click Disable
Verify with either:
TOTP Code: From your authenticator app
Recovery Code: One of your saved codes
Click Disable
Effects:
2FA is removed immediately
Badge changes to "DISABLED"
Only password required for login
Passkeys
Use biometric authentication or hardware security keys for passwordless login.
What are Passkeys?
Passkeys use WebAuthn technology to provide:
Passwordless login: No password needed
Phishing-resistant: Cannot be stolen or phished
Convenient: Use fingerprint, Face ID, or security key
Secure: Cryptographic keys stored on your device
Adding a Passkey
Requirements:
Compatible device (modern phone, laptop, or security key)
Browser with WebAuthn support (Chrome, Safari, Firefox, Edge)
Steps:
Start Registration
Click Add Passkey
Browser prompts you to create a passkey
Authenticate
Choose authentication method:
Fingerprint scanner
Face ID
Security key (YubiKey, etc.)
Device PIN
Follow browser prompts
Name Your Passkey
Enter a friendly name (e.g., "iCloud Keychain", "YubiKey")
Click Save
Confirmation
Passkey appears in the table
Can now be used for login
Managing Passkeys
The passkeys table shows:
Name
Your friendly label
Created
Date registered
Last Used
Last login with this passkey
Device
Device type and browser
Actions
Rename and Remove buttons
Renaming a Passkey:
Click Rename
Enter new name
Click Save
Removing a Passkey:
Click Remove
Confirm the action
Passkey is deleted immediately
Note: You can have multiple passkeys for different devices.
Using Passkeys to Sign In
On login page, click Sign in with a Passkey
Browser prompts you to select a passkey
Authenticate (fingerprint, Face ID, etc.)
Signed in automatically
Session Management
Monitor and control devices logged into your account.
Active Sessions Table
View all active sessions:
Device / Browser
Device type and browser (e.g., "Chrome on macOS")
Location
City and country based on IP
Last Active
Last activity timestamp
Status
Active (green badge)
Actions
Log Out button (or "Current" for your session)
Refreshing Sessions
Update the session list:
Click Refresh button
Table updates with latest activity
Logging Out a Session
Remove access from a specific device:
Steps:
Find the session in the table
Click Log Out
Confirm the action
Effects:
Device is signed out immediately
Session removed from table
User must sign in again on that device
Use case: Log out forgotten sessions, remove access from lost devices, or sign out shared computers.
Logging Out All Other Sessions
Sign out all devices except your current one:
Steps:
Click Log Out All Other Sessions
Confirm the action
Effects:
All other devices are signed out
Only your current session remains
Useful after password change or security concern
Account Deletion
Danger Zone
Permanently delete your account and all associated data.
Steps:
Click Delete Account
Read the warning carefully
Enter your password to confirm
Click Delete Account
What gets deleted:
Your user account
All API keys (deactivated immediately)
Personal settings and preferences
Active sessions
What happens to organization:
If you're the owner: Must transfer ownership first
If you're a member: Removed from organization
Organization data remains intact
Warning: This action is permanent and cannot be undone!
Before deleting:
Export any data you need
Transfer ownership if you're the owner
Revoke API keys manually if needed
Inform your team
Security Best Practices
Account Protection
Enable multiple authentication methods:
Set a strong password
Enable 2FA
Register at least one passkey
Keep recovery codes safe
Regular maintenance:
Review active sessions weekly
Remove old passkeys from unused devices
Update password every 90 days
Check for suspicious activity
Session Security
Best practices:
Always sign out on shared computers
Don't save passwords in public browsers
Use private/incognito mode on untrusted devices
Review session locations for anomalies
Red flags:
Sessions from unknown locations
Devices you don't recognize
Unusual activity times
Multiple concurrent sessions
If compromised:
Change password immediately
Log out all other sessions
Enable 2FA if not already enabled
Review API keys and revoke suspicious ones
Contact support
Troubleshooting
Can't Change Email
Solutions:
Verify current password is correct
Ensure new email isn't already in use
Check spam folder for verification email
Wait a few minutes and try again
2FA Code Not Working
Common issues:
Time sync: Ensure device time is accurate
Wrong code: Code changes every 30 seconds
Old code: Generate a new code
Wrong account: Verify you're using correct authenticator entry
Solutions:
Sync your device time
Use a recovery code instead
Contact support if locked out
Passkey Registration Failed
Possible causes:
Browser doesn't support WebAuthn
Device doesn't have biometric capability
Security key not connected properly
Solutions:
Update your browser
Try a different device
Use a hardware security key
Check browser compatibility
Unknown Session Appears
Immediate actions:
Log out that session
Change your password
Enable 2FA
Review API keys
Contact support
Permissions Required
Most settings are self-service and don't require special permissions. However:
View settings: All users
Modify own settings: All users
Delete account: Account owner only
Next Steps
Enable 2FA for better security
Add a passkey for convenient login
Review active sessions regularly
Manage API keys for application access
Last updated