Skip to content
Hoursmith Docs
Settings

Account security & 2FA

Secure your account with an authenticator app or passkeys, manage your password, connected accounts, and active sessions.

Account → Security (/account/security) is where you lock down your own account: two-factor authentication, passkeys, your password, connected accounts, and active sessions.

Security is a personal account setting — it protects your sign-in. Anyone can set it up for their own account.

Authenticator app (TOTP)

Use an authenticator app (the codes are 6 digits and rotate every 30 seconds).

Start setup

In the Two-factor authentication section, click Set up. A QR code appears. Can't scan it? Choose Can't scan? Show the secret to enter the key manually.

Verify

Scan the QR code with your authenticator app, then enter the 6-digit code in the field and click Verify & enable.

Save your backup codes

Hoursmith shows 8 one-time backup codes. They're shown once — save them somewhere safe, then click I've saved them.

Store your backup codes somewhere safe and separate from your phone. They're your way in if you lose access to your authenticator app.

Managing TOTP

  • Regenerate codes — issues a fresh set and invalidates the old ones.
  • Disable — turns off TOTP. This requires your password.

Passkeys (WebAuthn)

Passkeys let you sign in with your device's biometrics or a hardware key — no password needed.

Add a passkey

Click Add a passkey and, optionally, give it a device name.

Confirm on your device

Complete the prompt with your device's biometric or security key — Touch ID, Windows Hello, a hardware key, or a synced passkey.

Each passkey is listed with its added and last-used dates and a remove button. At sign-in, a passkey signs you in without a password.

Password, connected accounts, and sessions

The Security page also includes:

  • Password — a card to update your password.
  • Connected accounts — third-party sign-in accounts linked to yours.
  • Sessions — your active sessions, so you can review where you're signed in.

Troubleshooting

  • My 6-digit code is rejected. Codes rotate every 30 seconds — wait for the next one, and make sure your phone's clock is set automatically. If you're locked out, use a backup code.
  • I want new backup codes. Use Regenerate codes; the old set stops working immediately.
  • Disabling 2FA asks for my password. That's expected — disabling TOTP requires your password.
  • Can't sign in? See I can't sign in.
Was this page helpful?

Preferences

Set your personal theme, locale, date and time format, and interface density — choices that follow you across every workspace.

Notification preferences

Choose which Hoursmith events also reach you by email or Telegram — in-app notifications are always on.

On this page

Authenticator app (TOTP)Start setupVerifySave your backup codesManaging TOTPPasskeys (WebAuthn)Add a passkeyConfirm on your devicePassword, connected accounts, and sessionsTroubleshooting