Securing your account: two-factor and team logins

What it is

The settings that keep your business data safe: a strong password, two-factor authentication (2FA) for an extra step at sign-in, and a separate login for each team member.

Why it helps

Your client records, payments and messages are sensitive. Two-factor means a stolen or guessed password is not enough on its own to get in, and separate logins mean you can see who did what and remove access cleanly when someone leaves.

How to use it

1. 1Turn on two-factor authentication under your account security settings. You scan a code with an authenticator app on your phone, and from then on it asks for a short code when you sign in.
2. 2Save your recovery codes somewhere safe when you set up 2FA. They let you back in if you lose your phone.
3. 3Change your password any time from the same place, and use a long, unique one you do not use anywhere else.
4. 4Give each team member their own login rather than sharing one (see Adding your team). When someone leaves, remove their access so they can no longer sign in.