Security Settings
The Security page centralizes authentication and account protection controls. Access: Go to Settings → Profile → Security.Authentication Methods
The top section includes:- Email (verification and change flow)
- Password (set/change)
- Phone (add/edit)
- MFA status and management
Multi-Factor Authentication (MFA)
itellicoAI supports authenticator-app MFA (TOTP) with recovery codes.Enable MFA
Disable MFA
You can disable MFA from the same section. The flow requires security confirmation.Recommended Minimum Setup
For most business users, a good baseline is:- password set and up to date
- MFA enabled
- recovery codes stored safely
- unfamiliar sessions revoked
Password Management
Change your password from the Security page. Current password is required, and new passwords must meet current policy requirements (minimum length and validation rules).Active Sessions
The Active Sessions table shows currently active device sessions. Each row includes:- Device/browser
- Location (when available)
- Last activity
- Current-session indicator
- Revoke individual sessions
- Revoke all other sessions
Login Activity
Review recent security-relevant activity, including:- Login events
- Password changes/resets
- MFA success/failure events
- Event metadata (device, location, IP, timestamp)
Connected Social Accounts
Security also includes connected social providers (for example Google and Apple) where enabled. You can connect/disconnect providers from this section, subject to account safety checks (for example avoiding lockout if no other login method exists).Security Best Practices
Enable MFA for all privileged users
Enable MFA for all privileged users
Require MFA for owners/admins and any user with elevated permissions.
Review sessions and activity regularly
Review sessions and activity regularly
Check active sessions and login activity for unfamiliar devices or locations.
Use unique, rotated credentials
Use unique, rotated credentials
Keep passwords unique and rotate exposed credentials quickly.
Protect recovery codes
Protect recovery codes
Store MFA recovery codes in a secure password manager or vault.
FAQs
What if I lose access to my authenticator app?
What if I lose access to my authenticator app?
Use a recovery code. If recovery options are unavailable, contact support@itellico.ai.
Can I revoke my current session?
Can I revoke my current session?
You can revoke other sessions from the table. Your current session remains active unless you log out.
Where do I change my email or phone?
Where do I change my email or phone?
Use Settings → Profile → Security in the authentication methods section.
Next Steps
Team Management
Align member roles with your security model
API Keys
Rotate and manage programmatic credentials
User Profile
Configure UI mode, theme, and language