Account security
Your security settings are where you keep your account safe across the whole suite. Here you can change your password, turn on an extra layer of sign-in protection, review every device that's signed in, and create tokens for integrations. A few minutes here goes a long way toward keeping your account yours.
Changing your password
To update your password, enter your current password, then choose a new one of at least 8 characters (a strength indicator helps as you type), and confirm it. The change takes effect immediately. If you've forgotten your current password instead, see Password & recovery.
Multi-factor authentication
Multi-factor authentication (MFA) adds a second step to signing in, so a password alone isn't enough to get into your account. When it's on, signing in needs your password plus a one-time code we email you. No authenticator app or phone is required.
Open Security settings
Go to your account's Security section and find the multi-factor authentication toggle.
Turn it on
Switch it on and re-enter your password to confirm. From now on, sign-in will ask for an emailed code.
Sign in with a code
At sign-in, we email a single-use code that expires after about 15 minutes. If it doesn't arrive, you can request a new one.
Turning MFA off also requires re-entering your password, so no one can quietly weaken your account's protection.
Active sessions
Active sessions lists every device and browser where you're currently signed in. For each session you can see the device, browser, IP address, last activity, and whether it is the session you're using now.
You can revoke any session to sign that device out, or choose Revoke all other sessions to sign out everywhere except where you are. This is handy if you've used a shared computer or no longer recognize a device.
API tokens
API tokens — also called personal access tokens — let integrations and scripts act on your behalf without using your password.
- Create a token by naming it, setting an expiry (or choosing never), and choosing its permissions. Copy the token when you create it; it's shown only that one time.
- Manage tokens from the list, which shows each token's last-used date and expiry. You can rename one or change its permissions.
- Revoke a token to disable it immediately. Expired tokens are cleaned up automatically.
Treat tokens like passwords
An API token can access your account, so store it somewhere safe and never share it. If a token is ever exposed, revoke it right away and create a new one.
Changing your sign-in email
You can also update your sign-in email from Security. Enter a new address and it shows as "Not verified" until you click the link we send to it. You can keep signing in with your old email until the new one is verified — after that, only the new email signs you in.
For organization-wide security policies, visit the Admin Panel.