# Security

Keeping your account secure protects both you and your company. This guide covers the security features available to you.

## Session Management

A **session** is an active login. Every time you log in to <code class="expression">space.vars.productName</code> from a device, a session is created.

### Viewing Active Sessions

1. Go to **Settings** > **Security** (or **Sessions**).
2. You'll see a list of your active sessions, showing:
   * **Device** — The type of device (desktop, tablet, phone).
   * **Browser** — Which browser you're using.
   * **Location** — An approximate location based on your IP address.
   * **Last active** — When the session was last used.

### Ending a Session

If you see a session you don't recognize, or you forgot to log out from another device:

1. Find the session in the list.
2. Click **Sign Out** or **End Session** next to it.
3. That session will be immediately terminated.

> **Tip:** If you ever lose a device or suspect unauthorized access, sign out of all sessions immediately and change your password.

### Signing Out of All Sessions

For extra security:

1. Look for a **Sign Out of All Sessions** or **Revoke All** button.
2. Click it and confirm.
3. Every session except your current one will be ended.
4. You'll need to log in again on all other devices.

***

## Device Management

If your system tracks devices:

1. Go to **Settings** > **Security** > **Devices**.
2. You'll see a list of devices that have been used to access your account.
3. Each entry shows the device type, operating system, and when it was last used.
4. You can **remove** devices you no longer use.

Removing a device means it will need to re-authenticate the next time it tries to access your account.

***

## Login Activity

Some systems keep a log of login activity:

1. Go to **Settings** > **Security** > **Login Activity** (or **Login History**).
2. You'll see a list of recent login attempts, including:
   * **Date and time**
   * **Success or failure** — Whether the login was successful.
   * **IP address** — The network the login came from.
   * **Location** — An approximate location.

### What to Look For

* **Successful logins you don't recognize** — Someone else may have accessed your account. Change your password immediately and contact your administrator.
* **Failed login attempts** — A few failed attempts might just be typos. Many failed attempts from an unfamiliar location could mean someone is trying to guess your password.

> **Important:** If you see suspicious activity, change your password right away and notify your manager or IT team.

***

## Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security. When enabled, you'll need both your password AND a second verification step to log in.

### How 2FA Works

1. Enter your **email and password** as usual.
2. The system will ask for a **second factor** — this is typically:
   * A **code from an authenticator app** (like Google Authenticator or Microsoft Authenticator) on your phone.
   * A **code sent to your email** or **phone via SMS**.
3. Enter the code.
4. You're logged in.

### Setting Up 2FA

If your administrator has made 2FA available to you:

1. Go to **Settings** > **Security** > **Two-Factor Authentication**.
2. Click **Enable** or **Set Up**.
3. Follow the on-screen instructions:
   * **Authenticator app** — Scan the QR code with your authenticator app. Enter the code it generates to verify.
   * **SMS/Email** — Enter your phone number or confirm your email. Enter the verification code sent to you.
4. **Save your backup codes.** You'll be given a set of backup codes. Store these somewhere safe — they're your way back in if you lose access to your phone.
5. Click **Confirm** to finish setup.

### Using Backup Codes

If you can't access your authenticator app or phone:

1. On the 2FA prompt, look for a link like **Use a backup code** or **Can't access your device?**
2. Enter one of your backup codes.
3. You'll be logged in. Each backup code can only be used once.

> **Important:** If you run out of backup codes, generate new ones from your security settings. If you're completely locked out, contact your administrator.

### Disabling 2FA

If you need to turn off 2FA:

1. Go to **Settings** > **Security** > **Two-Factor Authentication**.
2. Click **Disable**.
3. You may need to enter your password or a 2FA code to confirm.

> **Note:** Your administrator may require 2FA for all users. In that case, you won't be able to disable it.

***

## General Security Tips

* **Use a strong, unique password.** Don't reuse passwords from other websites or apps.
* **Never share your credentials.** Not even with your manager or IT. Legitimate support will never ask for your password.
* **Log out when you're done.** Especially on shared computers or POS terminals.
* **Lock your screen** when stepping away from your computer (`Windows + L` on Windows, `Cmd + Control + Q` on Mac).
* **Report anything suspicious.** Unfamiliar sessions, unexpected emails, or strange behavior in the system — tell your manager or IT right away.
* **Keep your email secure.** Your email is your password recovery method. If someone has access to your email, they could reset your <code class="expression">space.vars.productName</code> password.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.in8sync.com/end-user-guide/profile-management/security.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.