Security
Manage your password, two-factor authentication, and active sessions
The Settings > Security page is where you control how your account is protected. You can set or update your password, enable two-factor authentication (2FA) for an extra layer of security, and review or revoke active sessions across your devices.
Password
The Password section shows whether a password is currently set on your account (indicated by a row of bullet dots).
If no password is set, click Set password to create one.
If a password already exists, click Update password to change it.
Both actions open a modal where you can enter your current password (if one exists), your new password, and a confirmation of the new password.
If you signed up via Google or Microsoft OAuth and have never set a password, you can use Set password to add one. This gives you an additional sign-in option.
Two-factor authentication
Two-factor authentication adds a second verification step when signing in, protecting your account even if your password is compromised. When enabled, an On badge is displayed in green. If 2FA is not active, a warning indicator and Not enabled label are shown instead.
Setting up 2FA
Click Set up two-factor authentication.
Open your authenticator app (such as Google Authenticator, Authy, or 1Password) and scan the QR code displayed on screen.
Enter the 6-digit code generated by your authenticator app to verify the setup.
Save your backup codes β copy them to a safe place before continuing. These codes let you access your account if you ever lose access to your authenticator app.
Click Done to complete the setup.
Backup codes are shown only once. Store them somewhere secure β for example, a password manager or printed in a safe location. Each backup code can only be used once.
Removing 2FA
To disable two-factor authentication, click the Remove button in the Two-factor authentication section. You will be asked to confirm before 2FA is turned off.
Active devices
The Active devices section lists all sessions currently signed in to your account. Each entry shows:
Device type β represented by an icon (desktop, mobile, etc.)
Browser β name and version (e.g. Chrome 124)
IP address β the IP the session originated from
Location β approximate location based on IP
Last active β when the session was last used
To sign out a session you don't recognize or no longer need, click Sign out next to that device.
Your current session is labeled This device and cannot be signed out from this page. To end your current session, use the sign-out option in the navigation menu.
Last updated