Security Settings

Protect your account with strong passwords, two-factor authentication, and session management.

Password Management

Changing Your Password

1. Go to User Settings > Security
2. Click Change Password
3. Enter current password
4. Enter new password (twice)
5. Click Update Password

Password Requirements

Passwords must meet:

• Minimum 8 characters
• At least one uppercase letter
• At least one lowercase letter
• At least one number
• At least one special character

Password Best Practices

• Use a unique password for Securtea
• Consider using a password manager
• Don't share your password
• Change if you suspect compromise

Two-Factor Authentication (2FA)

Why Use 2FA?

Two-factor authentication adds an extra layer of security:

• Something you know (password)
• Something you have (authenticator app)

Even if your password is compromised, 2FA protects your account.

Setting Up 2FA

1. Go to User Settings > Security
2. Find Two-Factor Authentication
3. Click Enable 2FA
4. Scan QR code with authenticator app
5. Enter the 6-digit code
6. Save backup codes

Authenticator Apps

Compatible apps include:

• Microsoft Authenticator
• Google Authenticator
• Authy
• 1Password
• Bitwarden

Backup Codes

When enabling 2FA, you receive backup codes:

• 10 one-time use codes
• Use if you lose access to authenticator
• Store securely (password manager, safe)

Regenerating Codes:

1. Go to 2FA settings
2. Click Regenerate Backup Codes
3. Old codes are invalidated
4. Save new codes

Disabling 2FA

To turn off 2FA:

1. Go to Security settings
2. Click Disable 2FA
3. Enter a current 2FA code
4. Confirm

Session Management

Active Sessions

View all your active sessions:

Ending Sessions

End a specific session:

1. Find session in list
2. Click End Session
3. That session is logged out

End all other sessions:

1. Click End All Other Sessions
2. All sessions except current are logged out

Use this if you suspect unauthorized access.

Session Security

Sessions are secured with:

• Encrypted cookies
• 5-minute refresh interval
• Automatic expiration
• Cross-site protection

Connected Accounts

Viewing Connected Accounts

See accounts linked to your profile:

• Microsoft (if used for sign-in)
• SSO provider (if applicable)

Linking Accounts

Add additional sign-in methods:

1. Click Link Account
2. Choose provider (Microsoft)
3. Authenticate with that provider
4. Account is linked

Unlinking Accounts

Remove a connected account:

1. Find account in list
2. Click Unlink
3. Confirm

Security Events

Recent Activity

View recent security events:

• Sign-ins
• Password changes
• 2FA changes
• Failed sign-in attempts

Suspicious Activity

If you notice unfamiliar activity:

1. End all other sessions immediately
2. Change your password
3. Enable or verify 2FA
4. Contact support if needed

Organization Security Requirements

Your organization may enforce:

Contact your organization admin about security policies.

Account Recovery

Forgot Password

If you forget your password:

1. Click Forgot Password on sign-in
2. Enter your email
3. Receive reset link
4. Create new password

Lost 2FA Access

If you lose access to your authenticator:

1. Use a backup code
2. Contact support with verification
3. 2FA may be reset by admin

Locked Account

If your account is locked:

• Wait for lockout period (15 minutes)
• Contact support for immediate unlock
• Verify your identity

Best Practices

Regular Security Review

Periodically:

• Check active sessions
• Review security events
• Update password
• Verify recovery info

Device Security

Protect devices you use:

• Keep devices updated
• Use device passwords/biometrics
• Don't use public computers
• Sign out when done

What's Next?

• Profile Settings - Account information
• Notification Preferences - Alert settings
• SSO Configuration - Enterprise sign-in