# USER ACCOUNTS

## Sign-in Methods

This section displays all the methods available to access your account. To access your security settings, navigate to **Account** → **Security**.

### Email & Password

Your primary email address is displayed along with its verification status. You can set or update your password from this section:

* **Set Password**: If you signed up using a federated identity provider (like Google or Microsoft), you may not have a password set. You can create one to have an alternative sign-in method.
* **Update Password**: If you already have a password, you can change it by entering your current password followed by the new one.

Password requirements are configured by your platform administrator and typically require a minimum length of 6-8 characters.

### Passkeys

Passkeys provide a modern, passwordless way to sign in to your account using biometric authentication (fingerprint, face recognition) or a hardware security key. Passkeys are:

* **More secure** than passwords - they can't be phished or stolen
* **Easier to use** - no need to remember complex passwords
* **Cross-platform** - can sync across your devices (depending on your platform)

#### Adding a Passkey

1. In the **Passkeys for Sign-in** section, enter a descriptive name for your passkey (e.g., "MacBook Pro", "iPhone", "Windows PC")
2. Click **Add Passkey**
3. Your browser will prompt you to authenticate using:
   * Biometric authentication (Touch ID, Face ID, Windows Hello)
   * A hardware security key
   * Your device PIN
4. Once verified, the passkey is registered and appears in your list

#### Managing Passkeys

Your registered passkeys are displayed in a list showing:

* **Name**: The identifier you assigned
* **Authenticator type**: The type of authenticator used (when available)
* **Created**: When the passkey was registered
* **Last used**: When you last signed in with this passkey

To remove a passkey, click the delete icon next to it and confirm the action.

#### Signing in with a Passkey

When passkey login is enabled on your platform:

1. On the login page, click **Sign in with Passkey**
2. Your browser will prompt you to select and authenticate with a registered passkey
3. After successful authentication, you're signed in directly

> **Note**: Passkeys require a compatible browser and device. If your browser doesn't support WebAuthn, the passkey options won't be visible.

### Connected Accounts

If your platform has federated identity providers configured (such as Google, Microsoft, Auth0, or others), this section displays your linked accounts.

For each connected account, you can see:

* **Provider**: The identity provider (with logo)
* **Email**: The email address associated with that provider
* **Linked date**: When you connected the account

#### Unlinking an Account

You can disconnect a federated identity by clicking the unlink button. However, to maintain access to your account, you must have at least one of the following:

* A password set on your account
* Another connected identity provider

If you only have one connected account and no password, you'll need to set a password before you can unlink it.

***

## Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security to your account. After entering your password, you'll need to provide a second form of verification.

Your platform supports two types of second factors:

### Authenticator App (TOTP)

Time-based One-Time Passwords (TOTP) work with authenticator apps like:

* Google Authenticator
* Microsoft Authenticator
* Authy
* 1Password
* Any TOTP-compatible app

#### Setting up an Authenticator App

1. Click **Enable Authenticator App**
2. **Step 1 - Scan QR Code**:
   * Open your authenticator app and scan the displayed QR code
   * Alternatively, manually enter the secret key shown below the QR code
3. **Step 2 - Verify Code**:
   * Enter the 6-digit code displayed in your authenticator app
   * Click **Verify**
4. **Step 3 - Save Backup Codes**:
   * You'll receive 10 single-use backup codes
   * **Save these codes in a safe place** - they're your recovery option if you lose access to your authenticator app
   * Use the **Copy** button to copy all codes to your clipboard
   * Use the **Print** button to print a formatted page with your codes
5. Click **Done** to complete setup

Once enabled, you'll see the status showing "Authenticator app is enabled" along with the number of remaining backup codes.

#### Disabling the Authenticator App

Click **Disable Authenticator App** and confirm the action. This will remove TOTP as a second factor and invalidate all backup codes.

### Security Keys (WebAuthn)

Hardware security keys provide phishing-resistant two-factor authentication. Compatible devices include:

* YubiKey
* Google Titan Security Key
* Feitian keys
* Any FIDO2/WebAuthn compatible security key

#### Adding a Security Key

1. In the **Security Keys** section, enter a name for your key (e.g., "YubiKey 5", "Titan Key")
2. Click **Add Security Key**
3. When prompted by your browser:
   * Insert your security key (if USB)
   * Tap or activate the key when it blinks
4. The key is registered and appears in your list

#### Managing Security Keys

Your registered security keys are displayed showing:

* **Name**: The identifier you assigned
* **Authenticator type**: The detected key type
* **Created**: Registration date
* **Last used**: When you last used this key for authentication

You can register multiple security keys for redundancy. To remove a key, click the delete icon and confirm.

### Backup Codes

Backup codes are generated when you enable the authenticator app. Each code:

* Can only be used **once**
* Is 8 characters long
* Should be stored securely offline

#### Using a Backup Code

During login, when prompted for your two-factor code:

1. Click **Use a backup code instead**
2. Enter one of your backup codes
3. The code is consumed and can't be used again

#### Checking Remaining Codes

Your security settings show how many backup codes you have remaining. If you're running low, consider disabling and re-enabling the authenticator app to generate a fresh set of 10 codes.
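A minimal server-side model of the backup-code rules on this page (10 codes, 8 characters, single use, all invalidated when the authenticator app is disabled), added here as an example and not the platform's own implementation. The alphabet, the salted SHA-256 storage and the class and method names are assumptions.

```python
import hashlib
import hmac
import secrets

CODE_COUNT = 10     # the page states 10 codes per set
CODE_LENGTH = 8     # the page states 8 characters per code
# Assumed alphabet: no 0/O or 1/I/L, so printed codes are unambiguous.
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"


def _digest(code: str, salt: bytes) -> bytes:
    # Normalise what the user typed, then hash so the store never holds plaintext.
    # Each code has about 40 bits of entropy, so rate-limit attempts as well.
    normalised = code.replace("-", "").replace(" ", "").upper()
    return hashlib.sha256(salt + normalised.encode()).digest()


class BackupCodes:
    def __init__(self):
        self.salt = secrets.token_bytes(16)
        self.unused = set()          # digests of codes not yet consumed

    def generate(self):
        """Replace any previous set and return the plaintext codes once."""
        codes = set()
        while len(codes) < CODE_COUNT:   # a set guarantees 10 distinct codes
            codes.add("".join(secrets.choice(ALPHABET) for _ in range(CODE_LENGTH)))
        self.unused = {_digest(c, self.salt) for c in codes}
        return sorted(codes)

    def redeem(self, submitted: str) -> bool:
        """Consume a code; a second attempt with the same code fails."""
        candidate = _digest(submitted, self.salt)
        hit = None
        for stored in self.unused:       # compare against every entry
            if hmac.compare_digest(stored, candidate):
                hit = stored
        if hit is None:
            return False
        self.unused.discard(hit)
        return True

    def invalidate_all(self):
        """Mirrors disabling the authenticator app: every code stops working."""
        self.unused.clear()

    def remaining(self) -> int:
        return len(self.unused)
```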

***

## Authentication Flow with 2FA

When two-factor authentication is enabled, your login process becomes:

1. Enter your username and password (or use a federated identity)
2. You're prompted for your second factor
3. Choose your verification method:
   * **Authenticator App**: Enter the 6-digit code from your app
   * **Security Key**: Insert and activate your hardware key
   * **Backup Code**: Enter an 8-character backup code
4. After successful verification, you're signed in

If you have multiple 2FA methods configured, you can switch between them using the **Try another method** link.

> **Note**: Signing in with a Passkey bypasses password and 2FA entirely, as passkeys already provide strong authentication.

***

## Best Practices

1. **Enable at least one form of 2FA** to protect your account from unauthorized access
2. **Register multiple passkeys or security keys** on different devices for redundancy
3. **Store backup codes securely** - consider a password manager or a physical safe
4. **Don't share your backup codes** - treat them like passwords
5. **Remove old or unused credentials** - if you no longer use a device, remove its passkey or security key
6. **Keep your authenticator app backed up** - some apps offer cloud sync for recovery


