# USER ACCOUNTS ## Sign-in Methods This section displays all the methods available to access your account. To access your security settings, navigate to **Account** → **Security**. ### Email & Password Your primary email address is displayed along with its verification status. You can set or update your password from this section: * **Set Password**: If you signed up using a federated identity provider (like Google or Microsoft), you may not have a password set. You can create one to have an alternative sign-in method. * **Update Password**: If you already have a password, you can change it by entering your current password followed by the new one. Password requirements are configured by your platform administrator and typically require a minimum length of 6-8 characters. ### Passkeys Passkeys provide a modern, passwordless way to sign in to your account using biometric authentication (fingerprint, face recognition) or a hardware security key. Passkeys are: * **More secure** than passwords - they can't be phished or stolen * **Easier to use** - no need to remember complex passwords * **Cross-platform** - can sync across your devices (depending on your platform) #### Adding a Passkey 1. In the **Passkeys for Sign-in** section, enter a descriptive name for your passkey (e.g., "MacBook Pro", "iPhone", "Windows PC") 2. Click **Add Passkey** 3. Your browser will prompt you to authenticate using: * Biometric authentication (Touch ID, Face ID, Windows Hello) * A hardware security key * Your device PIN 4. Once verified, the passkey is registered and appears in your list #### Managing Passkeys Your registered passkeys are displayed in a list showing: * **Name**: The identifier you assigned * **Authenticator type**: The type of authenticator used (when available) * **Created**: When the passkey was registered * **Last used**: When you last signed in with this passkey To remove a passkey, click the delete icon next to it and confirm the action. #### Signing in with a Passkey When passkey login is enabled on your platform: 1. On the login page, click **Sign in with Passkey** 2. Your browser will prompt you to select and authenticate with a registered passkey 3. After successful authentication, you're signed in directly > **Note**: Passkeys require a compatible browser and device. If your browser doesn't support WebAuthn, the passkey options won't be visible. ### Connected Accounts If your platform has federated identity providers configured (such as Google, Microsoft, Auth0, or others), this section displays your linked accounts. For each connected account, you can see: * **Provider**: The identity provider (with logo) * **Email**: The email address associated with that provider * **Linked date**: When you connected the account #### Unlinking an Account You can disconnect a federated identity by clicking the unlink button. However, to maintain access to your account, you must have at least one of the following: * A password set on your account * Another connected identity provider If you only have one connected account and no password, you'll need to set a password before you can unlink it. *** ## Two-Factor Authentication (2FA) Two-factor authentication adds an extra layer of security to your account. After entering your password, you'll need to provide a second form of verification. Your platform supports two types of second factors: ### Authenticator App (TOTP) Time-based One-Time Passwords (TOTP) work with authenticator apps like: * Google Authenticator * Microsoft Authenticator * Authy * 1Password * Any TOTP-compatible app #### Setting up an Authenticator App 1. Click **Enable Authenticator App** 2. **Step 1 - Scan QR Code**: * Open your authenticator app and scan the displayed QR code * Alternatively, manually enter the secret key shown below the QR code 3. **Step 2 - Verify Code**: * Enter the 6-digit code displayed in your authenticator app * Click **Verify** 4. **Step 3 - Save Backup Codes**: * You'll receive 10 single-use backup codes * **Save these codes in a safe place** - they're your recovery option if you lose access to your authenticator app * Use the **Copy** button to copy all codes to your clipboard * Use the **Print** button to print a formatted page with your codes 5. Click **Done** to complete setup Once enabled, you'll see the status showing "Authenticator app is enabled" along with the number of remaining backup codes. #### Disabling the Authenticator App Click **Disable Authenticator App** and confirm the action. This will remove TOTP as a second factor and invalidate all backup codes. ### Security Keys (WebAuthn) Hardware security keys provide phishing-resistant two-factor authentication. Compatible devices include: * YubiKey * Google Titan Security Key * Feitian keys * Any FIDO2/WebAuthn compatible security key #### Adding a Security Key 1. In the **Security Keys** section, enter a name for your key (e.g., "YubiKey 5", "Titan Key") 2. Click **Add Security Key** 3. When prompted by your browser: * Insert your security key (if USB) * Tap or activate the key when it blinks 4. The key is registered and appears in your list #### Managing Security Keys Your registered security keys are displayed showing: * **Name**: The identifier you assigned * **Authenticator type**: The detected key type * **Created**: Registration date * **Last used**: When you last used this key for authentication You can register multiple security keys for redundancy. To remove a key, click the delete icon and confirm. ### Backup Codes Backup codes are generated when you enable the authenticator app. Each code: * Can only be used **once** * Is 8 characters long * Should be stored securely offline #### Using a Backup Code During login, when prompted for your two-factor code: 1. Click **Use a backup code instead** 2. Enter one of your backup codes 3. The code is consumed and can't be used again #### Checking Remaining Codes Your security settings show how many backup codes you have remaining. If you're running low, consider disabling and re-enabling the authenticator app to generate a fresh set of 10 codes. *** ## Authentication Flow with 2FA When two-factor authentication is enabled, your login process becomes: 1. Enter your username and password (or use a federated identity) 2. You're prompted for your second factor 3. Choose your verification method: * **Authenticator App**: Enter the 6-digit code from your app * **Security Key**: Insert and activate your hardware key * **Backup Code**: Enter an 8-character backup code 4. After successful verification, you're signed in If you have multiple 2FA methods configured, you can switch between them using the **Try another method** link. > **Note**: Signing in with a Passkey bypasses password and 2FA entirely, as passkeys already provide strong authentication. *** ## Best Practices 1. **Enable at least one form of 2FA** to protect your account from unauthorized access 2. **Register multiple passkeys or security keys** on different devices for redundancy 3. **Store backup codes securely** - consider a password manager or a physical safe 4. **Don't share your backup codes** - treat them like passwords 5. **Remove old or unused credentials** - if you no longer use a device, remove its passkey or security key 6. **Keep your authenticator app backed up** - some apps offer cloud sync for recovery