Security settings
Change your password, manage two-factor authentication, and review active sessions.
What this means
Security settings protect your Bilbis account. This page covers password changes, two-factor authentication, and active sessions across browsers, devices, and CLI clients.
Use this page when you want to harden your account, rotate a password, disable two-factor authentication, or sign out of devices you do not recognize.
Before you start
You need to be signed in.
For the full MFA setup and sign-in flow, including authenticator apps and recovery codes, see Multi-factor authentication.
Change password
Changing your password signs out other devices. The current browser stays signed in.
| Field | What it means |
|---|---|
| Current password | Your existing password. |
| New password | The replacement password. It must be at least 12 characters. |
| Confirm new password | Re-enter the new password to prevent mistakes. |
Bilbis checks new passwords against known data-breach corpora. If the password has appeared in a known breach, choose a different one.
Two-factor authentication
The Two-factor authentication card lets you enable or disable MFA for your account. Accounts with owner, admin, or platform-admin roles may be required to enroll before they can sign in.
Enable two-factor authentication
- Open Settings.
- Select Security.
- In Two-factor authentication, select Enable.
- Follow the enrollment flow.
Disable two-factor authentication
- Open Settings.
- Select Security.
- In Two-factor authentication, select Disable.
- Confirm with an authenticator code or recovery code.
- Disable MFA.
Active sessions
The Active sessions card shows devices and CLI clients currently signed in.
| Item | What it means |
|---|---|
| Device label | A readable summary such as browser on operating system, or a CLI client. |
| This device | The browser session you are currently using. |
| IP address | The IP address associated with the session, if available. |
| Last active | When the session was last used. |
| Revoke | Sign out a session you do not recognize. |
| Revoke all others | Sign out every other session while keeping this browser signed in. |
You can also sign out of the current browser from this card.
Problems and fixes
| Problem | What to check |
|---|---|
| Current password is rejected | Re-enter your current password. Too many attempts may temporarily block changes. |
| New password is rejected | Use at least 12 characters and avoid passwords known from data breaches. |
| Two-factor code is rejected | Check the authenticator app, make sure the device time is correct, and enter the latest 6-digit code. |
| You lost your authenticator | Use a recovery code. Each recovery code works once. |
| You see an unknown session | Revoke that session. If several look unfamiliar, revoke all others and change your password. |
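
The advice to check the device time when a two-factor code is rejected follows from how authenticator codes are derived from the clock. The sketch below is an added illustration, not Bilbis code: it assumes the standard RFC 6238 TOTP scheme with a 30-second step and HMAC-SHA1, which this page does not confirm, and `verify` and `diagnose` are hypothetical helper names.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code: RFC 6238 default, assumed (the page does not state it)
DIGITS = 6   # the page says codes are 6 digits
RFC_TEST_KEY = b"12345678901234567890"  # published RFC 6238 test key, not a real secret


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, then RFC 4226 truncation."""
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret: bytes, code: str, server_time: int, window: int = 1) -> bool:
    """Accept a code from the server's current step or `window` steps either side."""
    return any(
        hmac.compare_digest(totp(secret, server_time + d * STEP), code)
        for d in range(-window, window + 1)
    )


def diagnose(secret: bytes, code: str, server_time: int, max_steps: int = 20):
    """Return the step offset at which `code` was valid, or None if no nearby step matches.

    A non-zero result points at clock drift on the device; None points at a
    mistyped code or a different enrolled secret."""
    for n in range(max_steps + 1):
        for d in ((0,) if n == 0 else (-n, n)):
            if hmac.compare_digest(totp(secret, server_time + d * STEP), code):
                return d
    return None


if __name__ == "__main__":
    now = 1111111111                       # constructed server time (an RFC test instant)
    late = totp(RFC_TEST_KEY, now - 300)   # device clock running 5 minutes slow
    print("on-time code accepted:", verify(RFC_TEST_KEY, totp(RFC_TEST_KEY, now), now))
    print("5-min-slow code accepted:", verify(RFC_TEST_KEY, late, now))
    print("drift in steps:", diagnose(RFC_TEST_KEY, late, now))
```

A small acceptance window tolerates a code that is one step old, which is why entering the latest code matters; a device clock that is minutes off falls outside any reasonable window and has to be corrected on the device.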