Account & Security
Manage your account profile, login methods, and security settings.
Account & Security
Manage your personal account, login methods, and security settings.
Your Account
Access your account settings from the user menu (top-right) → Account Settings.
Profile Information
| Field | Description |
|---|---|
| Name | Your display name across all workspaces |
| Primary login credential, used for notifications | |
| Phone | Optional, enables SMS login and notifications |
Login Methods
Email & Password
Traditional login with email and password. Set or change your password in Account Settings → Security.
Magic Links
Passwordless login via email:
- Enter your email on the login page
- Click Send Magic Link
- Check your email and click the link
- You're logged in (no password needed)
Magic links expire after 7 days and can only be used once.
Phone Login
If your account has a phone number:
- Enter your phone number on the login page
- Receive a 6-digit code via SMS
- Enter the code to log in
Two-Factor Authentication (2FA)
Add a second layer of security to your account. When enabled, you'll need both your password (or magic link) and a second factor to log in.
Setting Up 2FA
- Go to Account Settings → Security
- Click Enable Two-Factor Authentication
- Choose your method:
| Method | How It Works |
|---|---|
| Authenticator App | Use Google Authenticator, Authy, or similar apps to generate time-based codes |
| Hardware Key | Use a YubiKey or other WebAuthn-compatible security key |
Authenticator App Setup
- Select Authenticator App
- Scan the QR code with your authenticator app
- Enter the 6-digit code from the app to verify
- Save your recovery codes (see below)
Recovery Codes
When you enable 2FA, you receive 10 single-use recovery codes. Use these if you lose access to your authenticator:
- Store codes securely (password manager, printed copy in a safe)
- Each code works only once
- Regenerate codes anytime from Security settings (invalidates old codes)
Logging In with 2FA
- Enter your email/password or use a magic link
- When prompted, enter your 6-digit authenticator code
- Alternatively, click Use Recovery Code if you don't have your authenticator
Changing Your Email or Phone
Self-Service Change
Update your own credentials:
- Go to Account Settings → Profile
- Click Change next to Email or Phone
- Enter your new email/phone
- Enter the verification code sent to your new contact method
- Change is applied immediately
The verification code expires in 10 minutes. You can have only one pending change at a time.
Admin-Initiated Change
Workspace admins can initiate credential changes for members (useful when a member loses access to their email/phone):
- Admin sends an invitation to update credentials
- Invitation is sent to the member's current contact method
- Member clicks the link and confirms the change
- Credential is updated
See People for admin instructions.
Session Management
Your login sessions last 7 days. Sessions are workspace-independent—logging into one workspace logs you into all workspaces you have access to.
To log out:
- Click your user menu → Log Out
- This ends your session on the current device
Security Best Practices
- Enable 2FA for accounts with admin access
- Use unique passwords or rely on magic links
- Keep recovery codes in a secure location separate from your authenticator
- Review account activity if you suspect unauthorized access