SettleMint
User management

Account security

Manage password, two-factor authentication, passkeys, active sessions, PIN, and recovery codes, including resetting a forgotten PIN, from the DALP account security page.

DALP account security settings protect your signed-in account and the wallet-verification checks attached to it. Open Account > Security to change login controls, review active browser sessions, and manage the PIN or recovery-code controls used when your account confirms wallet-sensitive operations.

The cards shown on the page depend on platform configuration and on your current wallet-verification setup. Two-factor authentication and passkeys appear when the deployment enforces two-factor authentication. Recovery codes appear after the PIN or signing setup step that applies to your account.

What you can manage

Security controlWhat it protectsWhen you see itWhat you can do
PasswordUsername-and-password sign-in.Always on the account security page.Change your current password.
Two-factor authenticationSign-in with an authenticator-app code after password authentication.When two-factor authentication is enabled for DALP.Enable, verify, save backup codes, or disable with your password.
PasskeysAccount WebAuthn credentials for phishing-resistant sign-in.When two-factor authentication is enabled for DALP.Add a passkey or delete an existing passkey from your account.
Active sessionsBrowser sessions that are currently signed in to your account.Always on the account security page.Revoke an individual session token, or revoke all other sessions.
PINWallet-sensitive operations that require PIN verification for your account.Always on the account security page.Set up or update your PIN.
Recovery codesBackup access for wallet verification recovery when your signing setup needs it.After the PIN or signing setup step that applies to your account.Generate, copy, download, confirm, or regenerate recovery codes, and check how many remain.

Account passkeys and wallet verification are separate controls. A passkey helps you sign in. A PIN or recovery code helps DALP confirm wallet-sensitive operations after you are already signed in.

Enable two-factor authentication

  1. Open Account > Security.
  2. On the Two-factor authentication card, select Enable two-factor authentication.
  3. Enter your current password.
  4. Scan the QR code with an authenticator app.
  5. Enter the one-time password from the authenticator app.
  6. Save the backup codes shown after verification. Use Copy all codes to copy them, store them somewhere safe, then tick I have saved my backup codes.
  7. Select Done.

The Done button stays disabled until you tick I have saved my backup codes. The backup codes appear only once during setup and are never shown again, so this confirmation prevents a single accidental click from discarding them. If you dismiss the step without storing the codes and later lose your authenticator device, you can be locked out of account recovery.

Keep the backup codes somewhere safe. They are shown during setup so you can recover access if the authenticator device is unavailable.

When two-factor authentication is required

When a DALP deployment requires two-factor authentication, signed-in accounts without it are redirected to the two-factor setup page before continuing to protected workspace pages. That page uses the same authenticator-app flow as the two-factor authentication card. After setup succeeds, DALP returns you to the requested workspace page or to the workspace home page.

The onboarding flow can still show deployment or organisation setup pages before two-factor authentication is configured. Wallet-sensitive signing operations remain gated by wallet verification controls, so completing account two-factor authentication does not replace the PIN or recovery-code checks used for those operations.

To disable two-factor authentication later, use the same card and confirm the change with your password.

Manage passkeys

The Passkeys card lists your credentials with their name and creation date. Use it to add a new credential or remove one you no longer recognise or use.

Adding a passkey starts the browser WebAuthn prompt for the current device or authenticator. Deleting a passkey removes that credential from your account, but it does not change your PIN, recovery codes, or wallet-signing setup.

Review sessions and recovery options

Check the Active sessions card to see where your account is signed in. Revoke a listed session when that browser should no longer have access, or revoke all other sessions while keeping your current session active.

Open the PIN card when your account needs to set up or update PIN verification for wallet-sensitive operations.

Open the Recovery codes card when you need fresh backup codes for wallet verification recovery. In split-onboarding flows, finish the prompted PIN setup before expecting the recovery-code card to appear. If recovery codes were already confirmed during onboarding, regeneration requires your password.

Manage recovery codes

Recovery codes are single-use backup codes that let you reset your PIN if you forget it. When you start a protected operation and select Forgot PIN? in the verification dialog, DALP asks for a new PIN and one unused recovery code to authorize the reset. Each recovery code works once, so the Recovery codes card watches how many codes you have left and warns you before you run out.

What the card shows

StateWhen it appearsWhat to do
EnabledAfter you confirm a recovery-code set.Nothing. Your codes are stored and ready for PIN recovery.
Not setBefore you confirm any recovery codes.Generate a set so PIN recovery is available when you need it.
Running lowWhen only a few unused codes remain.The card shows how many codes are left. Regenerate a fresh set so PIN recovery keeps working.
No codes leftWhen every code has been used.The card warns that recovery is unavailable. Regenerate a fresh set to restore it.

Regenerate recovery codes

  1. Open Account > Security.
  2. On the Recovery codes card, select Regenerate recovery codes.
  3. If recovery codes were already confirmed during onboarding, enter your password when prompted.
  4. Copy or download the new codes and store them somewhere safe.
  5. Tick I have stored these recovery codes in a safe place, then select Continue to confirm them.

Regenerating replaces the entire set, so any previously saved codes stop working. Confirm the new codes before you close the card, because they are shown only once.

When a PIN reset uses your last remaining code, DALP issues a fresh set automatically and prompts you to save the new codes the next time you open the verification dialog. If your codes reach zero before you save a new set, PIN recovery cannot run until you regenerate codes from the Recovery codes card.

Become ready for protected operations

Protected browser-session operations are the requests that need wallet verification before DALP releases the request to signing. Examples include asset lifecycle requests, transfer controls, data-feed updates, and other blockchain write operations that open a verification dialog.

A signed-in account can be provisioned, API-ready, or transaction-ready. These states are separate:

Account stateWhat it meansWhat to do next
ProvisionedDALP has created or attached the account, organization membership, wallet, and identity state needed for the workspace.You can sign in and appear in the organization, but protected operations still need wallet security setup.
API-readyThe account or machine credential can call the APIs it has permission to use.Use the API with the assigned scopes and roles. Interactive browser signing still needs the transaction-ready checks below.
Transaction-readyThe signed-in browser session has a wallet verification method and confirmed recovery codes for wallet-sensitive operations.Continue with protected operations that open the verification dialog, then enter the requested PIN, OTP, or unused recovery code.

Before a protected browser-session operation can continue, DALP checks both wallet-security requirements:

Readiness checkWhat DALP checksHow to resolve it
Signing methodYour account has a wallet verification method for signing, such as PIN or authenticator-app OTP.Follow the PIN or verification setup prompt shown by the verification dialog, or open Account > Security and set up PIN.
Recovery codesYour account has confirmed recovery codes for wallet verification recovery.Copy, download, and confirm the recovery codes when DALP prompts for them.

If a provisioned or API-ready user starts a protected browser operation before wallet security is complete, DALP opens the missing setup step instead of the normal verification dialog. Finish the prompted security step first. DALP refreshes your account state after setup and then returns you to the verification flow. If the operation still fails, reopen it and enter the current PIN, OTP, or unused recovery code requested by the dialog.

API-key sessions do not use the interactive wallet verification dialog. Treat API keys as separate machine credentials with their own access controls.

On this page