Security Settings
Configure security policies for your platform, including two-factor authentication (2FA), session management, and access controls.
Two-Factor Authentication (2FA)
Add an extra layer of security to user accounts with time-based one-time passwords (TOTP).
Recommended
Enable 2FA for all admin accounts to protect sensitive platform settings and user data.
Enabling 2FA for Users
1
Navigate to User Settings
Go to Users and select the user account.
2
Enable 2FA
Toggle on Two-Factor Authentication in the security section.
3
User Setup
The user will be prompted to set up 2FA on their next login using an authenticator app (Google Authenticator, Authy, etc.).
4
Backup Codes
Users receive backup codes for account recovery. These should be stored securely.
Supported Authenticator Apps
- Google Authenticator - iOS, Android
- Authy - iOS, Android, Desktop
- Microsoft Authenticator - iOS, Android
- 1Password - All platforms
- Any TOTP-compatible app
Session Management
Control how long user sessions remain active:
| Setting | Default | Description |
|---|---|---|
| Session Timeout | 24 hours | How long until inactive sessions expire |
| Remember Me Duration | 30 days | Extended session for "Remember Me" option |
| Concurrent Sessions | Unlimited | Number of active sessions per user |
Login Security
Failed Login Protection
Protect against brute force attacks:
- Account Lockout - Lock account after 5 failed attempts
- Lockout Duration - 30 minutes (configurable)
- IP-Based Rate Limiting - Limit login attempts per IP
Activity Logging
All security events are logged:
- Successful and failed login attempts
- 2FA setup and verification
- Password changes
- Permission changes
- Account lockouts
Role-Based Access Control
Control what different user roles can access:
| Permission | User | Admin | Super Admin |
|---|---|---|---|
| Create/Edit Projects | Yes | Yes | Yes |
| Publish Sites | Yes | Yes | Yes |
| Manage Users | No | Yes | Yes |
| Configure Plans | No | No | Yes |
| System Settings | No | No | Yes |