The Security page is where you protect your own account: change your password, restrict which IP addresses can log in, review active sessions, and enable two-factor authentication. Open it by clicking your avatar in the top-right corner and selecting Security.
Key capabilities:
Password — change it via a modal that requires your current password; new passwords need at least 8 characters.
Allowed IP Addresses — whitelist your current IP, a static IP, a subnet in CIDR notation, or an IP range. With no IPs listed, the account is accessible from anywhere; once you add IPs, logins from anywhere else are blocked.
Active Sessions — see every device logged into your account with OS, browser, IP, and location, and Terminate any session except your current one.
Two-Factor Authentication — scan a QR code (or enter the secret key) in an authenticator app like Google Authenticator, then confirm with a 6-digit code. After login, you'll always need both your password and the current code.
Worth knowing: when you enable 2FA you're shown a 16-character backup code exactly once — store it safely, because it's your only self-service way in if you lose your authenticator app; otherwise an administrator must help. Only whitelist static IPs — dynamic IPs change and can lock you out. If 2FA codes are rejected, check that your phone's clock is set to automatic time.
