Skip to main content

Secure your sign-in

Add two-factor authentication from the Security page: an authenticator app, recovery codes, and passkeys are all supported.

Every user manages their own sign-in security. Open the account menu, then Security.

Authenticator app (TOTP). Click Set up authenticator app and scan the code with an app like Google Authenticator or Authy. From then on, sign-in asks for your password and a 6-digit code.

Recovery codes. After the authenticator is set up, click Generate recovery codes. You get 10 one-time codes that let you in if you lose your phone. Store them somewhere safe.

Passkeys. Click Manage passkeys to register a hardware security key or your device's biometrics (Face ID, Touch ID) as a sign-in method.

[facsimile candidate: Security Settings page with the three cards]

Two-factor is optional for regular users. A few related basics:

  • Forgot password? on the login page sends a reset link by email.
  • My Profile holds your first and last name. Keep it accurate: your typed full name is how you sign trained-individual calibration reviews.
  • You can link a Google account from My Profile to sign in with Google. Google sign-in does not attach itself to an existing email account automatically; link it yourself from the profile page.
  • Sessions expire after 24 hours of inactivity.
Generate recovery codes right away

If you turn on the authenticator app and lose the phone before generating recovery codes, you have no second factor left to sign in with. Do both steps in the same sitting.

Related