Security

This guide explains how to manage your Xolapp account security: changing your password, changing your login email, enabling two-factor authentication (2FA), and viewing or revoking sessions. It is for all users who have sign-in access.

Where to find Security

Location: Security in the main menu (often under Settings or in the sidebar). Open it to change your password, email, 2FA, or sessions.

Change Password

To update your password:

1. Go to Security.
2. In the Change password section, enter your current password, then your new password and confirm new password.
3. Click Update password (or Change password). Use a strong password (length and mix of characters as recommended on the page).
4. After success, sign in again with your new password if you are logged out.

Tip: If you forgot your current password, use Forgot password on the login page instead. See "How do I reset my password?" in the Help Center.

Change Email

To change the email address used to sign in:

1. Go to Security.
2. In the Change email (or Login email) section, enter your new email address and your current password (for verification).
3. Click Update email (or Change email). You may need to verify the new email (check your inbox).
4. Use the new email to sign in from then on.

Keep your email up to date so you receive reset links, reminders, and account notifications.

Two-Factor Authentication (2FA)

Two-factor authentication adds an extra step when signing in (e.g. a code from an app or SMS) so that only you can access your account even if someone knows your password.

• Enable 2FA: In Security, find the Two-factor authentication section. Follow the steps to enable 2FA (e.g. scan a QR code with an authenticator app or enter a code). Save your backup codes in a safe place.
• Disable 2FA: You can turn 2FA off from the same section. You may need to enter your password or a current 2FA code to confirm.
• Recovery: If you lose access to your 2FA device, use your backup codes or contact support to recover access.

Sessions

You may see a Sessions (or Active sessions) section that lists devices or browsers where you are currently signed in.

• View sessions: See where you are logged in (e.g. device, location, last active).
• Revoke other sessions: If you see a session you don’t recognize or no longer use, you can revoke it. That device will be signed out. Your current session is usually kept.

Revoking all other sessions is useful after changing your password or if you think your account was used elsewhere without your permission.

Frequently asked questions

How do I change my password?

Go to Security, enter your current password and your new password (twice), then click Update password. Use at least the minimum length and strength required (e.g. 6+ characters; follow the on-page guidance).

I forgot my password. What do I do?

Use Forgot password on the login page. Enter your email and follow the reset link in the email. You do not need to know your current password for that. See the FAQ "How do I reset my password?" for step-by-step instructions.

How do I turn on two-factor authentication?

Open Security and find Two-factor authentication. Follow the setup (usually an authenticator app or backup codes). Save your backup codes somewhere safe in case you lose your phone.

Can I change my login email?

Yes. In Security, use the Change email section. Enter the new email and your current password, then confirm. You may need to verify the new email. After that, sign in with the new address.

What are sessions and should I revoke them?

Sessions are places where you are currently signed in (e.g. phone, laptop). If you see a session you don’t recognize or an old device, revoke it so that device is signed out. Revoking all other sessions is a good step after changing your password.