Account security and 2FA
Turn on 2FA from User account settings using a TOTP app (Google Authenticator, 1Password, Authy). Recovery codes get stored on your account when you enable it.
Account security is User-level, it applies to every workspace you log into.
Enable 2FA
- User account → Security → Two-factor authentication
- Scan the QR code with your authenticator app (TOTP standard)
- Enter the 6-digit code to confirm
- Save your recovery codes, printable, one-time use, kept for lost-device recovery
After this, every login requires the 6-digit code in addition to your password.
Active sessions
Security → Active sessions lists every device currently logged in (browser, OS, last activity). Sign out from any unrecognized session immediately and rotate your password.
Password
Change from Security → Password. Use a unique 12+ character password, a password manager makes this easy. Reused passwords are the single largest cause of account compromise.