Skip to main content

Account & Security

Manage your personal account, login methods, and security settings.

Your Account

Access your account settings from the user menu (top-right) → Account Settings.

Profile Information

FieldDescription
NameYour display name across all workspaces
EmailPrimary login credential, used for notifications
PhoneOptional, enables SMS login and notifications

Login Methods

Email & Password

Traditional login with email and password. Set or change your password in Account Settings → Security.

Password requirements: 12–72 characters. Any characters are accepted — no mandatory uppercase, lowercase, digit, or special-character rules. Passwords are checked against a database of passwords exposed in known data breaches; you will be asked to choose a different one if yours appears there.

Passwordless login via email:

  1. Enter your email on the login page
  2. Click Send Magic Link
  3. Check your email and click the link
  4. You're logged in (no password needed)

Magic links expire after 15 minutes and can only be used once. If your link expires before you click it, return to the login page and request a new one.

Phone Login

If your account has a phone number:

  1. Enter your phone number on the login page
  2. Receive a 6-digit code via SMS
  3. Enter the code to log in

Two-Factor Authentication (2FA)

Add a second layer of security to your account. When enabled, you'll need both your password (or magic link) and a second factor to log in.

Setting Up 2FA

  1. Go to Account SettingsSecurity
  2. Click Enable Two-Factor Authentication
  3. Choose your method:
MethodHow It Works
Authenticator AppUse Google Authenticator, Authy, or similar apps to generate time-based codes
Hardware KeyUse a YubiKey or other WebAuthn-compatible security key

Authenticator App Setup

  1. Select Authenticator App
  2. Scan the QR code with your authenticator app
  3. Enter the 6-digit code from the app to verify
  4. Save your recovery codes (see below)

Recovery Codes

When you enable 2FA, you receive 10 single-use recovery codes. Use these if you lose access to your authenticator:

  • Store codes securely (password manager, printed copy in a safe)
  • Each code works only once
  • Regenerate codes anytime from Security settings (invalidates old codes)

Logging In with 2FA

  1. Enter your email/password or use a magic link
  2. When prompted, enter your 6-digit authenticator code
  3. Alternatively, click Use Recovery Code if you don't have your authenticator

Changing Your Email or Phone

Self-Service Change

Update your own credentials:

  1. Go to Account SettingsProfile
  2. Click Change next to Email or Phone
  3. Enter your new email/phone
  4. Enter the verification code sent to your new contact method
  5. Change is applied immediately

The verification code expires in 10 minutes. You can have only one pending change at a time.

Admin-Initiated Change

Workspace admins can initiate credential changes for members (useful when a member loses access to their email/phone):

  1. Admin sends an invitation to update credentials
  2. Invitation is sent to the member's current contact method
  3. Member clicks the link and confirms the change
  4. Credential is updated

See People for admin instructions.

Session Management

Your login sessions last 7 days. Sessions are workspace-independent—logging into one workspace logs you into all workspaces you have access to.

To log out:

  • Click your user menu → Log Out
  • This ends your session on the current device

Security Best Practices

  • Enable 2FA for accounts with admin access
  • Use unique passwords or rely on magic links
  • Keep recovery codes in a secure location separate from your authenticator
  • Review account activity if you suspect unauthorized access