# Account security

Source: https://docs.settlemint.com/docs/user-guides/user-management/account-security
Manage password, two-factor authentication, passkeys, active sessions, PIN, and recovery codes from the DALP account security page.



DALP account security settings help each user protect access to the platform and confirm wallet-sensitive actions. The page combines login controls, wallet verification methods, active sessions, and recovery-code management in one workspace.

Go to **Account** > **Security** to review the available security cards for your account. The exact cards can depend on the platform configuration and the signing methods already enabled for your user.

## What you can manage [#what-you-can-manage]

| Security control          | What it is for                                                                           | What you can do                                                   |
| ------------------------- | ---------------------------------------------------------------------------------------- | ----------------------------------------------------------------- |
| Password                  | Protects username-and-password sign-in.                                                  | Change the current password.                                      |
| Two-factor authentication | Adds an authenticator-app code to sign-in.                                               | Enable, verify, save backup codes, or disable with your password. |
| Passkeys                  | Adds WebAuthn passkeys as a phishing-resistant sign-in option when passkeys are enabled. | Add a passkey or remove an existing passkey.                      |
| Active sessions           | Shows browser sessions that are currently signed in.                                     | Review active sessions and sign out sessions you no longer use.   |
| PIN                       | Confirms wallet-sensitive actions when PIN verification is configured for your account.  | Set up or update your PIN.                                        |
| Recovery codes            | Provides backup access for wallet verification recovery.                                 | Generate, copy, download, confirm, or regenerate recovery codes.  |

## Enable two-factor authentication [#enable-two-factor-authentication]

1. Open **Account** > **Security**.
2. On the **Two-factor authentication** card, select **Enable two-factor authentication**.
3. Enter your current password.
4. Scan the QR code with an authenticator app.
5. Enter the one-time password from the authenticator app.
6. Save the backup codes shown after verification, then select **Done**.

Keep the backup codes somewhere safe. They are shown as part of the setup flow so you can recover access if the authenticator device is unavailable.

## Manage passkeys [#manage-passkeys]

Use the **Passkeys** card to add or remove passkeys for your account. A listed passkey shows its name and creation date. Remove passkeys you no longer recognise or use.

## Review sessions and recovery options [#review-sessions-and-recovery-options]

Use **Active sessions** to check where your account is signed in. End sessions that should no longer have access.

Use **Recovery codes** when you need fresh backup codes for wallet verification recovery. If recovery codes were already confirmed during onboarding, regeneration requires your password.

## Related guides [#related-guides]

* [Participants hub](/docs/user-guides/user-management/participants-hub)
* [Create users](/docs/user-guides/user-management/create-users)
* [Create an asset](/docs/user-guides/asset-creation/create-asset)
* [Getting started with API integration](/docs/developer-guides/api-integration/getting-started)