WorkestraDocs
PlatformSettings

Security Settings

Manage your password, enable two-factor authentication, view active sessions, and configure security preferences.

Security Settings

Keep your Workestra account secure with password management, two-factor authentication, and session monitoring.

security settings page

Screenshot needed � add an annotated image showing this UI

Coming Soon: The Security & Access page is currently under development. Full functionality will be available in an upcoming release.

Password Management

Changing Your Password

  1. Navigate to Settings > Security
  2. Scroll to the Password section
  3. Enter your current password
  4. Enter your new password (minimum 8 characters)
  5. Confirm the new password
  6. Click Update Password

Use a strong, unique password. We recommend using a password manager to generate and store complex passwords.

Password Requirements

RequirementSpecification
Minimum length8 characters
Maximum length128 characters
ComplexityAny characters allowed
HistoryCannot reuse last 5 passwords

Two-Factor Authentication (2FA)

Add an extra layer of security with Time-based One-Time Password (TOTP) authentication.

Enabling 2FA

  1. Go to Settings > Security
  2. Click Enable Two-Factor Authentication
  3. Scan the QR code with your authenticator app (Google Authenticator, Authy, 1Password, etc.)
  4. Enter the 6-digit code from your app
  5. Save your backup codes in a secure location
  6. Click Verify and Enable

Important: Backup codes are your only way to recover access if you lose your authenticator device. Store them securely offline.

Using 2FA

After enabling, you'll be prompted for a 6-digit code:

  • Every time you sign in
  • When switching devices
  • After clearing browser cookies

Disabling 2FA

  1. Go to Settings > Security
  2. Click Disable Two-Factor Authentication
  3. Enter your current password to confirm
  4. 2FA is immediately disabled

Disabling 2FA reduces your account security. Only disable if absolutely necessary.

Active Sessions

Monitor and manage devices where you're currently signed in.

Viewing Active Sessions

The Active Sessions section shows:

InformationDescription
DeviceBrowser and operating system
LocationApproximate location based on IP
IP AddressNetwork address (partially masked)
Last ActiveWhen the session was last used
CurrentIndicates your current session

Revoking Sessions

To sign out of another device:

  1. Find the session in the list
  2. Click Revoke or Sign Out
  3. That device is immediately logged out

If you forgot to sign out on a public computer, revoke that session immediately from here.

Revoke All Sessions

To sign out everywhere (including your current device):

  1. Click Revoke All Other Sessions to keep only your current session
  2. Or click Sign Out Everywhere to end all sessions including this one

Brute Force Protection

Workestra automatically protects against password attacks:

ProtectionBehavior
Failed attempts6 failed logins trigger a lockout
Lockout duration15 minutes
Email notificationAlert sent to your email on lockout
Progressive delayIncreasing delays between attempts

Session Timeout

For security, inactive sessions are automatically ended:

  • Web sessions: 7 days of inactivity
  • Mobile sessions: 30 days of inactivity
  • API keys: No automatic expiration

You can manually sign out anytime from the user menu (avatar → Sign out).

Security Best Practices

For Your Account

  1. Enable 2FA — The single best security improvement
  2. Use a password manager — Generate and store unique passwords
  3. Revoke old sessions — Regularly review active sessions
  4. Keep email secure — Your email is your account recovery method

For Your Workspace

  1. Limit Owner/Admin roles — Only trusted individuals
  2. Use custom roles — Grant minimum necessary permissions
  3. Review audit logs — Monitor for suspicious activity
  4. Enable SSO — For enterprise security requirements

What to Do If You Suspect Unauthorized Access

  1. Change your password immediately
  2. Revoke all active sessions
  3. Review audit logs for suspicious activity
  4. Contact your workspace admin if you see unauthorized actions
  5. Contact support at security@workestra.app for urgent issues

Next Steps

Email Signatures

Create professional email signatures with the visual builder. Auto-fills your profile data, supports multiple layouts, social links, and photos.

Notification Settings

Control email digests, push notifications, and smart notification preferences across all modules.

On this page

Security SettingsPassword ManagementChanging Your PasswordPassword RequirementsTwo-Factor Authentication (2FA)Enabling 2FAUsing 2FADisabling 2FAActive SessionsViewing Active SessionsRevoking SessionsRevoke All SessionsBrute Force ProtectionSession TimeoutSecurity Best PracticesFor Your AccountFor Your WorkspaceWhat to Do If You Suspect Unauthorized AccessNext Steps