Profile & 2FA

Edit your full name and avatar from the top card. Changes save on click — no separate "Save" button.

Email changes require re-verification: a confirmation link is sent to the new address; the change applies once you click it.

1. Open the Security tab.
2. Enter your current password (proof of possession).
3. Enter the new password — same rules as registration: 8+ chars, mixed case, number.
4. Confirm. All other active sessions are signed out automatically.

Enable:

1. Click Enable 2FA.
2. Scan the QR code with your authenticator app (1Password, Authy, Google Authenticator, etc.).
3. Enter the rotating 6-digit code to confirm.
4. Save the backup codes shown after enrollment — they let you recover access if your authenticator is lost.

Disable: click Disable 2FA, enter your password and a current TOTP code to confirm. We recommend keeping 2FA enabled for any account that can read production secrets.

The Organizations card lists every org you belong to and your role in each:

• Switch — make this org active. Both dashboard and CLI follow the active org.
• Leave — relinquish your membership. Owners must transfer ownership first.

The currently active org is also shown in the top-right org switcher; either entry point works.

If someone invited you to an organization, you'll see a banner on the dashboard and a row in the Invitations card on this page. Each row has Accept and Declinebuttons. Accepting joins you to the org with the role assigned in the invitation.

Direct invite links from email also land here when you're already signed in.

Sign out of the current session from the avatar menu. Changing your password automatically invalidates every other session. To revoke an API key (which is conceptually a long-lived session), visit /dashboard/api-keys.