# Security

Security settings allow you to manage your personal account security, including password and two-factor authentication (2FA).

### Accessing Security Settings

1. Go to **Settings**
2. Select **User** scope
3. Click **My Profile** tab

### Password Management

#### Updating Your Password

To change your password:

1. Find the **Security** section
2. Click **Update** next to Password
3. Enter your current password
4. Enter and confirm new password
5. Click **Save**

#### Password Requirements

Strong passwords should:

* Be at least 12 characters
* Include uppercase and lowercase letters
* Include numbers
* Include special characters
* Not be reused from other sites

#### Password Best Practices

* **Use a Password Manager**: Generate and store unique passwords
* **Never Reuse**: Each account should have a unique password
* **Regular Updates**: Change passwords periodically
* **No Sharing**: Never share your password

### Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security by requiring a second verification step when logging in.

#### Enabling 2FA

1. Go to Security settings
2. Click **Enable/Disable** next to Two Factor Authentication
3. Follow the setup wizard:
   * Scan QR code with authenticator app
   * Enter verification code
   * Save backup codes
4. Click **Enable**

#### Supported Authenticator Apps

Any TOTP-compatible app works:

* Google Authenticator
* Authy
* 1Password
* Microsoft Authenticator
* Bitwarden

#### Backup Codes

When you enable 2FA, save your backup codes:

{% hint style="warning" %}
**Save your backup codes securely!** They're the only way to access your account if you lose your authenticator device.
{% endhint %}

Store backup codes:

* In a password manager
* Printed in a secure location
* NOT in an unencrypted file

#### Using 2FA

After enabling:

1. Enter your password as usual
2. Open your authenticator app
3. Enter the 6-digit code
4. Code refreshes every 30 seconds
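
How an authenticator app derives the 6-digit code and why it changes every 30 seconds, as an added example that is not TeraSwitch code. It assumes RFC 6238 defaults (HMAC-SHA1); `verify`, its one-step drift window and its replay check are illustrative assumptions about a verifying side, not documented platform behaviour.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code, as stated on this page
DIGITS = 6   # code length, as stated on this page

# Published RFC 6238 Appendix B test secret, not a real account secret.
RFC_KEY = b"12345678901234567890"


def decode_secret(b32: str) -> bytes:
    """Decode the base32 secret carried in the QR code, tolerating
    spaces, lowercase and missing padding."""
    s = b32.replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)


def hotp(key: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)  # keep leading zeros


def totp(key: bytes, unix_time: int) -> str:
    """The counter is the number of 30-second steps since the Unix epoch,
    so the code changes exactly when unix_time crosses a multiple of STEP."""
    return hotp(key, unix_time // STEP)


def verify(key, submitted, unix_time, window=1, last_used_step=None):
    """Return the matched time step, or None.

    Accepts codes from +/- `window` steps to absorb clock drift, and
    refuses any step at or before `last_used_step` so a code that was
    already accepted cannot be replayed inside its validity window.
    """
    current = unix_time // STEP
    for step in range(current - window, current + window + 1):
        if last_used_step is not None and step <= last_used_step:
            continue
        if hmac.compare_digest(hotp(key, step).encode(), submitted.encode()):
            return step
    return None
```

A device whose clock is off by more than the accepted window produces codes that never match, which is the usual cause of a "wrong code" error with a correctly enrolled app.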

#### Disabling 2FA

To disable (not recommended):

1. Go to Security settings
2. Click **Enable/Disable**
3. Enter your current 2FA code
4. Confirm disable

### Authentication Methods

TeraSwitch supports multiple authentication methods:

#### Email/Password

Standard login with:

* Email address
* Password
* Optional 2FA

#### Google OAuth

Sign in with Google:

* Linked to Google account
* Uses Google's security
* Can be used alongside password

#### Managing Auth Methods

The Organization Members page shows which authentication methods each user has enabled.

### Email Preferences

#### Accessing Email Settings

1. Go to **Settings**
2. Select **User** scope
3. Click **Email Preferences** tab

#### Notification Types

Configure which emails you receive:

* Service alerts
* Billing notifications
* Security alerts
* Product updates

#### Managing Preferences

1. Check/uncheck notification types
2. Click **Save Changes**

### Security Best Practices

#### Account Security

1. **Enable 2FA**: The most important step
2. **Strong Password**: Unique, complex password
3. **Secure Email**: Protect your email account too
4. **Regular Review**: Check account activity

#### Session Security

* Log out from shared computers
* Review active sessions
* Report suspicious activity
* Use secure networks

#### API Security

* Rotate tokens regularly
* Use minimal permissions
* Monitor token usage
* Revoke unused tokens

#### Team Security

* Require 2FA for all members
* Regular access reviews
* Remove departed members immediately
* Use project-level permissions

### Account Recovery

#### Lost Password

1. Click "Forgot Password" on login
2. Enter your email
3. Check email for reset link
4. Set new password

#### Lost 2FA Device

If you lose your authenticator:

1. Use a backup code
2. Disable 2FA
3. Set up 2FA again with new device

#### Locked Out

If completely locked out:

1. Contact TeraSwitch support
2. Verify your identity
3. Work with support to restore access

### Security Monitoring

#### Review Activity

Regularly check:

* [Audit History](/account/audit-history.md) for account actions
* Login activity
* API usage
* Member changes

#### Suspicious Activity

Report if you notice:

* Logins you didn't make
* Resources you didn't create
* Changes you didn't authorize
* Unknown members added


