Settings & Configuration

Security Settings

Security settings help protect your organization's data and user accounts. Configure password policies, enable two-factor authentication, and manage session behavior from a single page.

Security Features

Password Management

Change passwords, enforce minimum complexity, and set expiration policies.

Two-Factor Authentication

Add an extra layer of security with TOTP-based 2FA for all user accounts.

Session Management

Control session timeouts, concurrent session limits, and forced logouts.

Login Security

Account lockout after failed attempts, IP allowlisting, and audit logging.

Changing Your Password

| Field | Required | Type | Description |
|---|---|---|---|
| Current Password | Required | password | Your existing password for verification. |
| New Password | Required | password | Minimum 8 characters. Must include uppercase, lowercase, and a number. |
| Confirm Password | Required | password | Re-enter the new password to confirm. |

1. Go to Security Settings
   Navigate to Settings → Security from the sidebar.

2. Enter Current Password
   In the Change Password section, enter your current password for verification.

3. Set New Password
   Enter and confirm your new password. The password strength indicator shows whether it meets the minimum requirements.

4. Click Update Password
   Click Update Password to save. You'll remain logged in with the new password.

Two-Factor Authentication (2FA)

Two-factor authentication adds a second verification step when logging in. After entering your password, you'll need to provide a time-based one-time password (TOTP) from an authenticator app.

  • Enable 2FA — Click Enable Two-Factor Authentication in the security settings page
  • Scan QR Code — Use an authenticator app (Google Authenticator, Authy, etc.) to scan the QR code
  • Verify — Enter the 6-digit code from your authenticator app to confirm setup
  • Backup Codes — Save your backup recovery codes in a secure location for emergency access

Session Policies

  • Session Timeout — Automatically logs users out after a period of inactivity (configurable by Org Admin)
  • Concurrent Sessions — Limit how many devices a user can be logged in from simultaneously
  • Force Logout — Admins can force logout all sessions for a specific user from the user management page