# Security

The **Settings > Security** page is where you control how your account is protected. You can set or update your password, enable two-factor authentication (2FA) for an extra layer of security, and review or revoke active sessions across your devices.

***

## Password

The **Password** section shows whether a password is currently set on your account. A set password is indicated by a row of bullet dots.

* If no password is set, click **Set password** to create one.
* If a password already exists, click **Update password** to change it.

Both actions open a modal where you can enter your **current password** (if one exists), your **new password**, and a **confirmation** of the new password.

{% hint style="info" %}
If you signed up via Google or Microsoft OAuth and have never set a password, you can use **Set password** to add one. This gives you an additional sign-in option.
{% endhint %}

***

## Two-factor authentication

Two-factor authentication adds a second verification step when signing in, protecting your account even if your password is compromised. When 2FA is enabled, a green **On** badge is displayed. If 2FA is not active, a warning indicator and **Not enabled** label are shown instead.

### Setting up 2FA

1. Click **Set up two-factor authentication**.
2. Open your authenticator app (such as Google Authenticator, Authy, or 1Password) and scan the QR code displayed on screen.
3. Enter the **6-digit code** generated by your authenticator app to verify the setup.
4. Save your **backup codes** — copy them to a safe place before continuing. These codes let you access your account if you ever lose access to your authenticator app.
5. Click **Done** to complete the setup.

{% hint style="warning" %}
Backup codes are shown only once. Store them somewhere secure, for example in a password manager or as a printed copy kept in a safe location. Each backup code can only be used once.
{% endhint %}

### Removing 2FA

To disable two-factor authentication, click the **Remove** button in the Two-factor authentication section. You will be asked to confirm before 2FA is turned off.

***

## Active devices

The **Active devices** section lists all sessions currently signed in to your account. Each entry shows:

* **Device type** — represented by an icon (desktop, mobile, etc.)
* **Browser** — name and version (e.g. Chrome 124)
* **IP address** — the IP the session originated from
* **Location** — approximate location based on IP
* **Last active** — when the session was last used

To sign out a session you don't recognize or no longer need, click **Sign out** next to that device.

{% hint style="info" %}
Your current session is labeled **This device** and cannot be signed out from this page. To end your current session, use the sign-out option in the navigation menu.
{% endhint %}
