Security

Control how you sign in, protect your account with a second factor, and manage connected sign-in methods.

Overview

The Security section gives you control over your authentication credentials. From here you can change your password, enroll in multi-factor authentication (MFA) using a TOTP authenticator app, and link or unlink social sign-in providers like Google, GitHub, or Microsoft. These settings apply to your personal account and do not affect other team members.

[Image: Security settings page showing password change, multi-factor authentication, and connected sign-in providers]

How It Works

  1. Open security settings — Navigate to Personal Profile in your settings menu, then select Security.

  2. Change your password — If you signed up with email and password, the Update Password section appears. Enter a new password and confirm it. A verification email is sent, and your password updates after you follow the link.

  3. Set up multi-factor authentication — In the Multi-Factor Authentication section, click "Set up MFA". Give the factor a name (e.g., "Work phone"), then scan the QR code with your authenticator app (Google Authenticator, Authy, 1Password, or any TOTP-compatible app). Enter the six-digit code from your app to verify and activate the factor.

  4. Manage MFA factors — Your enrolled factors appear in a table showing the factor name, type (TOTP), and verification status. To remove a factor, click the remove button on its row and confirm. You must have at least one sign-in method remaining after removing a factor.

  5. Link or unlink social accounts — If identity linking is enabled on your workspace, the Linked Accounts section shows which providers are connected to your account (email, Google, GitHub, Microsoft). You can link additional providers or unlink ones you no longer use, as long as you keep at least one active sign-in method.

Key Capabilities

  • Password update: Change the password associated with your email sign-in. Only available if you use password-based authentication.
  • TOTP multi-factor authentication: Add a time-based one-time password factor using any TOTP authenticator app. You can register multiple named factors (e.g., one per device).
  • MFA factor management: View all enrolled factors, see their verification status, and remove factors you no longer need.
  • Linked accounts: Connect or disconnect social sign-in providers (Google, GitHub, Microsoft) from your account, giving you flexibility in how you sign in.

MFA Enrollment in Detail

When you add a new MFA factor:

  1. You give the factor a friendly name so you can identify it later (e.g., "iPhone Authenticator").
  2. Hamster displays a QR code. Open your authenticator app, add a new entry, and scan the code.
  3. Your app generates a six-digit rotating code. Enter it in the verification field.
  4. Once verified, the factor is marked as active and required at future sign-ins.

Your authenticator app stores the secret contained in the QR code and uses it to generate each six-digit code. If you lose access to your device, you will need to use an alternative sign-in method or contact your workspace administrator.
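What steps 2 and 3 look like underneath, as an added example (not Hamster's own code): the secret travels in the QR code, the app derives the six-digit code from it and the current time, and the server checks the submitted code. It assumes the `otpauth://` URI format and the common authenticator defaults (HMAC-SHA1, 30-second step), which this page does not state; the secret is the RFC 6238 test value, and the function names are illustrative.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs, quote

# Constructed sample: the RFC 6238 test secret, base32-encoded. Not a real account secret.
SAMPLE_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def provisioning_uri(secret_b32, account, issuer="Hamster"):
    """Build the otpauth:// URI that an enrollment QR code typically encodes (assumed format)."""
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={secret_b32}"
            f"&issuer={quote(issuer)}&algorithm=SHA1&digits=6&period=30")

def secret_from_uri(uri):
    """What the authenticator app does after scanning: extract and decode the shared secret."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP provisioning URI")
    secret = parse_qs(parsed.query)["secret"][0]
    return base64.b32decode(secret.upper() + "=" * (-len(secret) % 8))

def totp(key, unix_time, step=30, digits=6):
    """RFC 6238 code: HOTP (RFC 4226) computed over the number of elapsed time steps."""
    counter = struct.pack(">Q", int(unix_time) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(key, submitted, unix_time, window=1, step=30):
    """Server-side check: tolerate one step of clock drift, compare in constant time."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(key, unix_time + drift * step, step)
        ok |= hmac.compare_digest(expected, submitted)
    return ok

if __name__ == "__main__":
    uri = provisioning_uri(SAMPLE_SECRET_B32, "alice@example.com")  # constructed account
    key = secret_from_uri(uri)
    print(uri)
    print(totp(key, 59), verify(key, totp(key, 59), 89))
```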

Tips

  • Name each MFA factor after the device it's on (e.g., "Personal phone", "Work laptop Authy"). This makes it easy to identify and remove factors when a device is lost or replaced.
  • If you sign in with Google or GitHub and want to also be able to sign in with email and password, use the "Link email/password" option in the Linked Accounts section to add that method.
  • Keep at least two sign-in methods connected to your account so you're not locked out if one becomes unavailable.