# Security The **Settings > Security** page is where you control how your account is protected. You can set or update your password, enable two-factor authentication (2FA) for an extra layer of security, and review or revoke active sessions across your devices. *** ## Password The **Password** section shows whether a password is currently set on your account (indicated by a row of bullet dots). * If no password is set, click **Set password** to create one. * If a password already exists, click **Update password** to change it. Both actions open a modal where you can enter your **current password** (if one exists), your **new password**, and a **confirmation** of the new password. {% hint style="info" %} If you signed up via Google or Microsoft OAuth and have never set a password, you can use **Set password** to add one. This gives you an additional sign-in option. {% endhint %} *** ## Two-factor authentication Two-factor authentication adds a second verification step when signing in, protecting your account even if your password is compromised. When enabled, an **On** badge is displayed in green. If 2FA is not active, a warning indicator and **Not enabled** label are shown instead. ### Setting up 2FA 1. Click **Set up two-factor authentication**. 2. Open your authenticator app (such as Google Authenticator, Authy, or 1Password) and scan the QR code displayed on screen. 3. Enter the **6-digit code** generated by your authenticator app to verify the setup. 4. Save your **backup codes** — copy them to a safe place before continuing. These codes let you access your account if you ever lose access to your authenticator app. 5. Click **Done** to complete the setup. {% hint style="warning" %} Backup codes are shown only once. Store them somewhere secure — for example, a password manager or printed in a safe location. Each backup code can only be used once. {% endhint %} ### Removing 2FA To disable two-factor authentication, click the **Remove** button in the Two-factor authentication section. You will be asked to confirm before 2FA is turned off. *** ## Active devices The **Active devices** section lists all sessions currently signed in to your account. Each entry shows: * **Device type** — represented by an icon (desktop, mobile, etc.) * **Browser** — name and version (e.g. Chrome 124) * **IP address** — the IP the session originated from * **Location** — approximate location based on IP * **Last active** — when the session was last used To sign out a session you don't recognize or no longer need, click **Sign out** next to that device. {% hint style="info" %} Your current session is labeled **This device** and cannot be signed out from this page. To end your current session, use the sign-out option in the navigation menu. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.wobby.ai/settings/security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.