Your account security comes down to a few concrete controls: how you sign in, whether two-step verification is on, who else has access to your organization, and making sure you sign out on shared devices.
Use a strong, unique password
If you sign in with a password, go to Settings > Security (or navigate to /user#/security) and change it there. Use a password you do not reuse on other sites. A password manager makes this straightforward.
Turn on two-step verification
Two-step verification requires a six-digit code from an authenticator app each time you sign in. With it on, someone who gets your password still cannot access your account without that code.
Go to Settings > Account, then click the Security tab, or navigate directly to /user#/security.
Under Two-step verification, click Add authenticator application.
Scan the QR code with any TOTP-compatible app (Google Authenticator, Authy, 1Password, and others all work).
Enter the six-digit code to confirm setup.
Save the backup codes. These are the only way to get back in if you lose access to your authenticator app.
Once set up, you will be prompted for a code on every new sign-in.
Review connected sign-in methods
If you have linked a social account (such as Google) as a sign-in option, it appears on the Security tab. Remove any connection you no longer use by clicking Disconnect next to it. You can only disconnect a social account if you have another sign-in method still active.
Review who has access to your organization
Organization administrators can see and remove members under Settings > Organization. If someone should no longer have access, remove them there. Their session ends and they can no longer access your data.
Sign out when done on shared devices
Click your avatar or account name in the top right of the app and select Sign out. On a shared or public computer, always sign out before leaving.
What to do if you think your account was accessed by someone else
Change your password immediately from Settings > Security.
Review connected sign-in methods and disconnect any you do not recognize.
Enable two-step verification if it is not already on.
Ask an organization administrator to review the member list and remove anyone who should not have access.