# Security

## Getting Here <a href="#getting-here" id="getting-here"></a>

**Settings > My Profile > Security**

***

## My Profile - Security <a href="#my-profile---security" id="my-profile---security"></a>

The **Security** page under "My Profile" allows users to manage their password and multi-factor authentication (MFA) settings for enhanced account security.

***

### Page Sections <a href="#page-sections" id="page-sections"></a>

#### 1. Change Password <a href="#id-1-change-password" id="id-1-change-password"></a>

* **Description**: Allows the user to initiate a password reset.
* **Action**:
  * **Button**: `RESET YOUR PASSWORD`
  * **Behavior**: Clicking the button sends an email with a password reset link.

***

#### 2. Multi-Factor Authentication (MFA) <a href="#id-2-multi-factor-authentication-mfa" id="id-2-multi-factor-authentication-mfa"></a>

**Authenticator App**

* **Description**: Enables Time-Based One-Time Password (TOTP) authentication using an external authenticator app (e.g., Google Authenticator).
* **Status**: `ENABLED` (cannot be disabled if required by the company administrator).
* **Message** (displayed when MFA is required by the company administrator):

  > "You cannot disable Two-Factor Authentication because it is required by your company administrator."
* **Actions**:
  * **ADD ANOTHER DEVICE**: Allows the user to register an additional device for MFA.

**Device List**

* **Description**: Displays a list of registered devices for MFA.
* **Columns**:
  * **Device**: The name of the registered device (e.g., `iphone`).
  * **Created Date**: The date and time the device was registered (e.g., `2024-12-16 17:40`).

***

#### 3. Email Authentication <a href="#id-3-email-authentication" id="id-3-email-authentication"></a>

* **Description**: Allows authentication using a One-Time Password (OTP) sent to the user's email address.
* **Status**: `ENABLED`.
* **Behavior**: Once enabled, the user can authenticate using an email OTP.

***

### Notes <a href="#notes" id="notes"></a>

* **Reset Password**: Password changes must be completed via the reset link sent to the user's email.
* **MFA Status**: If multi-factor authentication is enforced by the company administrator, users cannot disable it.
* **Device Management**: Users can add new devices for MFA but cannot remove devices unless explicitly permitted.
