Account & Profile Beginner 5 min read

Account Security

Protect your account with strong passwords and security settings

Account Security

Your account security protects not just your data, but your entire team's workspace. Follow these practices to keep your account safe.

Password Management

Changing Your Password

  1. Go to Profile > Security or Password
  2. Enter your current password
  3. Enter your new password
  4. Confirm the new password
  5. Click Update Password

password-change-form.png - Password change form with input fields

Password Requirements

Strong passwords must have:

  • At least 8 characters
  • Mix of uppercase and lowercase letters
  • At least one number
  • At least one special character

Password Tips

  • Unique - Don't reuse passwords from other sites
  • Memorable - Use a passphrase you can remember
  • Secret - Never share your password
  • Fresh - Change periodically (every 3-6 months)

Two-Factor Authentication (2FA)

Add an extra layer of security beyond your password.

Enabling 2FA

  1. Go to Profile > Security
  2. Find Two-Factor Authentication
  3. Click Enable 2FA
  4. Choose your method:
    • Authenticator App (recommended)
    • SMS Code
  5. Follow the setup instructions
  6. Save your backup codes

2fa-setup.png - Two-factor authentication setup screen

Using an Authenticator App

  1. Download an authenticator app (Google Authenticator, Authy, etc.)
  2. Scan the QR code displayed in Hydra
  3. Enter the 6-digit code from your app
  4. 2FA is now active

Backup Codes

When you enable 2FA, you receive backup codes:

  • Save these in a secure location
  • Each code can only be used once
  • Use if you lose access to your authenticator
  • Generate new codes anytime from security settings

Disabling 2FA

  1. Go to security settings
  2. Click Disable 2FA
  3. Enter your password to confirm
  4. 2FA is removed from your account

Active Sessions

See where your account is logged in:

Viewing Sessions

  1. Go to Profile > Security
  2. Find Active Sessions
  3. View list of logged-in devices

Each session shows:

  • Device type and browser
  • Location (approximate)
  • Last active time

active-sessions.png - List of active sessions with device info

Ending Sessions

If you see unfamiliar sessions:

  1. Click Revoke next to the session
  2. That device is immediately logged out
  3. Or click Revoke All to log out everywhere except current device

Login History

Review recent access to your account:

  1. Go to security settings
  2. Find Login History
  3. View recent login attempts

The log shows:

  • Date and time
  • Location
  • Device/browser
  • Success or failure

login-history.png - Login history log with recent entries

Security Alerts

Hydra notifies you of security events:

  • New device login - First login from unknown device
  • Password changed - Confirmation of password update
  • 2FA changes - When 2FA is enabled/disabled
  • Failed login attempts - Multiple failed password attempts

Check these alerts to spot unauthorized access attempts.

Account Recovery

If you lose access:

Forgot Password

  1. Click Forgot Password on login page
  2. Enter your email address
  3. Check email for reset link
  4. Create a new password

Lost 2FA Device

  1. Use a backup code to log in
  2. Or contact your administrator
  3. Verify your identity
  4. Regain access and reset 2FA

Best Practices

  • Enable 2FA - Significantly reduces unauthorized access risk
  • Review sessions - Check active sessions monthly
  • Act on alerts - Investigate any unexpected security notifications
  • Secure your email - Your email is the key to password recovery
  • Log out on shared devices - Always log out on public computers
  • Keep backup codes safe - Store them like you would a spare key