# Security

> Security settings, 2FA, session management, and best practices

## Overview

Configure security settings to protect your StatusStack account and organization.

***

## Two-Factor Authentication

### Enable 2FA

<Steps>
  <Step title="Open Security Settings">
    **Settings** → **Security** → **Two-Factor Authentication**
  </Step>

  <Step title="Choose Method">
    * Authenticator app (recommended)
    * SMS
  </Step>

  <Step title="Scan QR Code">
    Use Google Authenticator, Authy, or 1Password
  </Step>

  <Step title="Save Backup Codes">
    Store securely for account recovery
  </Step>
</Steps>

***

## Session Management

### Active Sessions

View and manage logged-in devices:

**Settings** → **Security** → **Active Sessions**

```
Chrome on macOS - San Francisco, CA
Last active: 5 minutes ago
[Revoke]

Safari on iPhone - San Francisco, CA  
Last active: 2 hours ago
[Revoke]
```

**Revoke suspicious sessions immediately**

***

## Login History

Track authentication events:

* Successful logins
* Failed login attempts
* Password changes
* 2FA events
* OAuth connections

Access: **Settings** → **Security** → **Login History**

***

## API Keys

Manage API access tokens:

<Steps>
  <Step title="Create API Key">
    **Settings** → **API Keys** → **"Create Key"**
  </Step>

  <Step title="Set Permissions">
    * Read-only
    * Read/Write
    * Admin
  </Step>

  <Step title="Copy Token">
    Shown once - store securely
  </Step>

  <Step title="Revoke When Done">
    Delete unused keys regularly
  </Step>
</Steps>

***

## Security Best Practices

<AccordionGroup>
  <Accordion title="Use Strong Passwords">
    * 12+ characters
    * Mix of character types
    * Unique per site
    * Use a password manager
  </Accordion>

  <Accordion title="Enable 2FA">
    Required for:

    * Owners and Admins
    * Production access

    Recommended for all users.
  </Accordion>

  <Accordion title="Review Sessions Monthly">
    * Check active devices
    * Revoke unknown sessions
    * Verify locations
  </Accordion>

  <Accordion title="Rotate API Keys">
    * Quarterly rotation
    * Delete unused keys
    * Use least privilege
  </Accordion>
</AccordionGroup>
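
The three rules under Rotate API Keys (quarterly rotation, delete unused keys, least privilege) can be checked mechanically against a key inventory. The following is an added example, not StatusStack code: it assumes a team-maintained inventory, and the record fields, the `needed` level, and the 90-day and 30-day thresholds are all assumptions, since this page does not describe an export of key metadata.

```python
from datetime import date

# Assumptions (not StatusStack settings): "quarterly" = 90 days, and a key
# idle for more than 30 days counts as "unused".
ROTATION_DAYS = 90
UNUSED_DAYS = 30
# Permission levels named on this page, ordered from least to most privilege.
LEVELS = {"read-only": 0, "read/write": 1, "admin": 2}

# Constructed sample inventory. "needed" is the level the owning team says the
# integration requires; last_used None means the key was never used.
KEYS = [
    {"name": "ci-deploy", "granted": "admin", "needed": "read/write",
     "created": date(2024, 1, 10), "last_used": date(2024, 5, 30)},
    {"name": "dashboard", "granted": "read-only", "needed": "read-only",
     "created": date(2024, 4, 20), "last_used": date(2024, 5, 31)},
    {"name": "old-script", "granted": "read/write", "needed": "read/write",
     "created": date(2024, 3, 15), "last_used": None},
]

def audit_key(key, today):
    """Return the findings for one key record, in a fixed order."""
    for field in ("granted", "needed"):
        if key[field] not in LEVELS:
            raise ValueError(f"{key['name']}: unknown permission {key[field]!r}")
    findings = []
    if (today - key["created"]).days > ROTATION_DAYS:
        findings.append("rotate")
    # A never-used key is measured from its creation date, so a key issued
    # yesterday is not reported as unused.
    idle_since = key["last_used"] or key["created"]
    if (today - idle_since).days > UNUSED_DAYS:
        findings.append("delete-unused")
    if LEVELS[key["granted"]] > LEVELS[key["needed"]]:
        findings.append("over-privileged")
    return findings

def audit(keys, today):
    """Map each key name to its list of findings."""
    return {k["name"]: audit_key(k, today) for k in keys}

if __name__ == "__main__":
    for name, findings in audit(KEYS, date.today()).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```
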

***

## Next Steps

<CardGroup cols={2}>
  <Card title="Authentication" icon="key" href="/account/authentication">
    Login methods and SSO
  </Card>

  <Card title="Team Management" icon="users" href="/account/team-management">
    Manage team access
  </Card>
</CardGroup>
