Profile and 2FA

Routes:

• /profile
• /two-factor

These pages are user-level account security controls for the signed-in admin.

Profile Page

What you can do:

• View account identity and role information
• Review auth providers
• Change password
• Review current 2FA status
• Regenerate backup codes
• Reset authenticator setup
• Disable 2FA with verification

Two-Factor Page

What you can do:

• Start 2FA setup
• Scan QR code or copy manual secret
• Verify OTP code to enable
• Save backup codes
• Regenerate backup codes
• Reset 2FA using current OTP or backup code

Recommended Security Practice

1. Enable 2FA immediately for all admin users.
2. Store backup codes in a secure password vault.
3. Regenerate backup codes if compromise is suspected.
4. Use reset workflow only when authenticator access is lost.

Related Pages

• Admins
• Settings