
Security

Account security, sessions, and access controls

Updated 2025-01-15 · 6 min read

Security Settings

Protect your account with strong security settings. Manage authentication, sessions, and access controls.

Password Security

Strong Password Requirements

Your password must include:

  • Minimum 12 characters
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one number
  • At least one special character

Changing Password

Tip

Use a password manager to generate and store strong, unique passwords.

Password History

  • Cannot reuse last 5 passwords
  • Helps prevent password cycling

Two-Factor Authentication (2FA)

Why Use 2FA

Two-factor authentication adds an extra security layer:

  • Even if password is compromised, account stays safe
  • Required for accessing sensitive features
  • Recommended for all users

Setting Up 2FA

Supported Authenticator Apps

  • Google Authenticator
  • Authy
  • 1Password
  • Microsoft Authenticator
  • Any TOTP-compatible app

Backup Codes

If you lose access to your authenticator:

  1. Use one of your backup codes
  2. Each code works once only
  3. Generate new codes after use

Warning

Store backup codes securely. They're your only recovery option if you lose your authenticator.

Disabling 2FA

  1. Go to Settings > Security > 2FA
  2. Click Disable 2FA
  3. Enter your password and 2FA code
  4. Confirm disabling

Session Management

Active Sessions

View all logged-in sessions:

  1. Go to Settings > Security > Sessions
  2. See list of active sessions with:
    • Device type
    • Browser
    • Location (approximate)
    • Last active time

Ending Sessions

Revoke access from a device:

  1. Find the session in the list
  2. Click End Session
  3. That device is immediately logged out

End All Sessions

Log out everywhere:

  1. Click End All Other Sessions
  2. Keeps current session active
  3. All other devices logged out

Tip

Use "End All Sessions" after changing your password or if you suspect unauthorized access.

Login Security

Login Notifications

Get alerted about account access:

  • New device login (always on)
  • New location login
  • Failed login attempts

Login Restrictions

IP Allowlist (Enterprise)

Restrict access to specific IPs:

  1. Go to Settings > Security > IP Restrictions
  2. Add allowed IP addresses or ranges
  3. Block all other access

Time-Based Restrictions

Limit login times:

  • Only during business hours
  • Specific days of week
  • Custom schedules

Account Lockout

After failed login attempts:

Attempts     Action
5 failed     5-minute lockout
10 failed    30-minute lockout
15 failed    1-hour lockout + email alert

API Keys

Managing API Keys

For integrations and automation:

  1. Go to Settings > Security > API Keys
  2. Click Generate New Key
  3. Name your key
  4. Set permissions
  5. Copy key (shown only once)

Key Permissions

Permission   Access
Read         View data only
Write        Create and update
Delete       Remove data
Admin        Full access

Revoking Keys

  1. Find key in the list
  2. Click Revoke
  3. Key immediately stops working

Warning

API keys provide direct access to your data. Treat them like passwords.

Privacy Settings

Data Collection

Control what data Cothon collects:

  • Usage Analytics - Help improve the product
  • Error Reports - Automatic crash reporting
  • Feature Usage - Track feature engagement

Data Retention

Set how long data is retained:

Data Type        Default    Options
Activity logs    90 days    30-365 days
Search history   30 days    7-90 days
Deleted items    30 days    Immediate-90 days

Data Export

Download your data:

  1. Go to Settings > Security > Data Export
  2. Click Request Export
  3. Receive download link via email
  4. Export includes all your data

Data Deletion

Request complete data deletion:

  1. Go to Settings > Account > Delete Account
  2. Request deletion
  3. 30-day grace period
  4. Permanent deletion after the grace period

Security Log

Viewing Events

See all security-related activity:

  1. Go to Settings > Security > Security Log
  2. View chronological list of events
  3. Filter by event type

Event Types

Event             Description
Login             Successful login
Failed Login      Incorrect credentials
Password Change   Password updated
2FA Change        2FA enabled/disabled
API Key           Key created/revoked
Session End       Remote logout

Exporting Logs

  1. Click Export in security log
  2. Choose date range
  3. Download CSV file
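
One way to triage an exported security log, as an added example that is not part of the Cothon documentation: it flags a successful login that follows a burst of failed logins from the same IP and lists the password, 2FA, or API key changes made shortly afterwards. The CSV column names (timestamp, event, ip, detail), the two time windows, and the sample rows are assumptions; the event names and the 5-failure threshold come from the tables on this page.

```python
import csv, io
from datetime import datetime, timedelta

# Constructed sample; column names (timestamp,event,ip,detail) are assumed,
# the page does not document the CSV layout.
SAMPLE_CSV = """timestamp,event,ip,detail
2025-01-10T09:00:00,Login,198.51.100.7,
2025-01-10T09:05:00,API Key,198.51.100.7,created
2025-01-12T02:10:00,Failed Login,203.0.113.9,
2025-01-12T02:10:20,Failed Login,203.0.113.9,
2025-01-12T02:10:40,Failed Login,203.0.113.9,
2025-01-12T02:11:00,Failed Login,203.0.113.9,
2025-01-12T02:11:20,Failed Login,203.0.113.9,
2025-01-12T02:17:00,Login,203.0.113.9,
2025-01-12T02:19:00,2FA Change,203.0.113.9,disabled
2025-01-12T02:21:00,API Key,203.0.113.9,created
"""

SENSITIVE = {"Password Change", "2FA Change", "API Key"}  # event types from the page
FAIL_THRESHOLD = 5                      # first lockout tier in the page's table
FAIL_WINDOW = timedelta(minutes=30)     # assumed look-back before a login
FOLLOW_WINDOW = timedelta(minutes=15)   # assumed window for follow-up changes

def load_events(text):
    """Parse the CSV text and return events sorted by timestamp."""
    rows = csv.DictReader(io.StringIO(text))
    events = [dict(r, ts=datetime.fromisoformat(r["timestamp"])) for r in rows]
    return sorted(events, key=lambda e: e["ts"])

def suspicious_logins(events):
    """Logins preceded by a failed-login burst from the same IP, plus any
    sensitive changes made from that IP shortly afterwards."""
    findings = []
    for i, ev in enumerate(events):
        if ev["event"] != "Login":
            continue
        fails = sum(1 for p in events[:i]
                    if p["event"] == "Failed Login" and p["ip"] == ev["ip"]
                    and ev["ts"] - p["ts"] <= FAIL_WINDOW)
        if fails < FAIL_THRESHOLD:
            continue
        followups = [f"{n['event']}:{n['detail']}" for n in events[i + 1:]
                     if n["event"] in SENSITIVE and n["ip"] == ev["ip"]
                     and n["ts"] - ev["ts"] <= FOLLOW_WINDOW]
        findings.append({"login": ev["timestamp"], "ip": ev["ip"],
                         "failed_before": fails, "followups": followups})
    return findings

if __name__ == "__main__":
    for f in suspicious_logins(load_events(SAMPLE_CSV)):
        print(f)
```

A finding with a non-empty followups list is the case to act on first: end all other sessions, change the password, and revoke any API key created in that window.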

Organizational Security

Admin Controls

Organization admins can:

  • Require 2FA for all members
  • Set password policies
  • Restrict login methods
  • Control data sharing

SSO Integration

For enterprise customers:

  • SAML 2.0 support
  • Google Workspace SSO
  • Microsoft Entra ID (Azure AD)
  • Okta integration

Contact sales for SSO setup.

Security Recommendations

Essential Steps

  1. Enable two-factor authentication
  2. Use a strong, unique password
  3. Review active sessions regularly
  4. Enable login notifications

Best Practices

  • Don't share your password
  • Log out on shared devices
  • Review API key permissions
  • Check security log periodically

Note

Cothon is SOC 2 Type II certified. Your data is protected by industry-leading security measures.
