Skip to content

Open Security settings

Settings → Security is the public account-protection workspace. It brings together your two-factor methods, recovery options, passkeys, and authorized organization sign-in policy. Sensitive changes can require your current password and an active second factor.

Typical time
2–10 minutes
You need
Your own account and current verification method
Outcome
The correct security workflow

Open Settings → Security. Confirm the page title is Security and review the current account-protection summary before starting a change.

Security 1 of 3 · Screenshot placeholder

Open account Security settings

Show the Security page header and a synthetic protection summary.

Future capture briefHide email addresses, account identifiers, sign-in history, device details, and recovery material.

Use the account security guides for the complete steps:

  • Account security overview
  • Sign in with two-factor authentication
  • Change password and manage sessions
  • Manage two-factor methods and passkeys

Use the focused account guides when they are listed in the public sidebar. They cover enrollment, preference changes, recovery-code regeneration, passkey add/rename/revoke, session revocation, and other account actions without copying sensitive values into documentation.

Security 2 of 3 · Screenshot placeholder

Choose an account protection workflow

Show the public methods, recovery, passkey, and policy areas using synthetic status.

Future capture briefNever capture passwords, one-time codes, recovery codes, QR secrets, reauthentication tokens, or passkey credential IDs.

For a protected action:

  1. start the action from your own Security page;
  2. enter your current password only in the protected verification form;
  3. complete the requested second-factor method;
  4. confirm the success message; and
  5. reload the relevant status.

Organization sign-in policy changes require the matching organization authority. Your personal security controls do not grant authority over another user’s account.

Security 3 of 3 · Screenshot placeholder

Complete protected verification

Show an empty synthetic verification form and the safe success boundary.

Future capture briefKeep every verification field empty and hide user, organization, request, and credential identifiers.

Confirm the intended method, policy, session, or passkey status changed after the backend success response. Never treat a locally selected option as proof of a completed security mutation.

Enable an eligible second factor on your own account, then retry the protected action.

Use the newest code, check device time for authenticator codes, or use an eligible saved recovery method. Do not paste codes into support requests.

Personal account protection and organization sign-in policy have different permissions. Ask an authorized organization owner to review the policy.