> ## Documentation Index
> Fetch the complete documentation index at: https://help.onetsolutions.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Security Settings

> Secure your OnetSolutions account with password management and two-factor authentication

Protect your account with strong passwords and multi-factor authentication (MFA). Access security settings at **Settings > Security**.

## Changing Your Password

<Steps>
  <Step title="Navigate to Security">
    Go to **Settings > Security** in your dashboard.
  </Step>

  <Step title="Enter current password">
    In the password section, enter your current password.
  </Step>

  <Step title="Create new password">
    Enter your new password. It must meet the following requirements:

    * Minimum 8 characters
    * At least one uppercase letter
    * At least one lowercase letter
    * At least one number
  </Step>

  <Step title="Confirm and save">
    Re-enter the new password to confirm, then click "Change Password".
  </Step>
</Steps>

<Warning>
  After changing your password, you may be asked to log in again on other devices.
</Warning>

## Two-Factor Authentication (MFA)

MFA adds an extra layer of security by requiring a second verification step when logging in.

### Available Methods

<CardGroup cols={2}>
  <Card title="Authenticator App" icon="smartphone">
    Use apps like Google Authenticator, Authy, or 1Password to generate time-based codes (TOTP).
  </Card>

  <Card title="Email Verification" icon="envelope">
    Receive a verification code by email each time you log in.
  </Card>
</CardGroup>

### Setting Up Authenticator App (TOTP)

<Steps>
  <Step title="Click Setup">
    In the MFA section, click "Setup" next to Authenticator App.
  </Step>

  <Step title="Scan QR Code">
    Open your authenticator app and scan the displayed QR code. Alternatively, manually enter the secret key shown below the QR code.
  </Step>

  <Step title="Enter verification code">
    Enter the 6-digit code from your authenticator app to verify the setup.
  </Step>

  <Step title="Complete setup">
    Click "Verify" to enable TOTP authentication.
  </Step>
</Steps>

<Tip>
  Save the secret key in a secure location. You'll need it if you change or lose your phone.
</Tip>

### Enabling Email Verification

Toggle the switch next to "Email Verification" to enable or disable email-based MFA. When enabled, you'll receive a code at your registered email address each time you log in.

### Disabling MFA

To disable an MFA method:

* **Authenticator App**: Click "Disable" next to the enabled badge
* **Email Verification**: Toggle the switch off

<Warning>
  We strongly recommend keeping at least one MFA method enabled to protect your account.
</Warning>

## Active Sessions

View and manage your active sessions at **Settings > Sessions**.

This section shows:

* **Device information**: Browser and operating system
* **Location**: Approximate location based on IP address
* **Last activity**: When the session was last used

You can revoke any session except your current one by clicking the revoke button.

## Security Best Practices

<AccordionGroup>
  <Accordion title="Use a strong, unique password">
    Create a password that you don't use on any other website. Consider using a password manager.
  </Accordion>

  <Accordion title="Enable MFA">
    Always enable at least one form of two-factor authentication, preferably an authenticator app.
  </Accordion>

  <Accordion title="Review active sessions regularly">
    Check your active sessions periodically and revoke any that you don't recognize.
  </Accordion>

  <Accordion title="Keep your email secure">
    Your email is used for password recovery. Make sure it has strong security enabled.
  </Accordion>
</AccordionGroup>

## Next Steps

<CardGroup cols={2}>
  <Card title="Profile Settings" icon="user" href="/console/profile">
    Update your personal information
  </Card>

  <Card title="API Keys" icon="key" href="/console/api-keys">
    Manage API access tokens
  </Card>
</CardGroup>
