Security
Two-factor authentication
Keep the existing authenticator-app setup flow under User security.
- Authenticator app
- Available
Configure TOTP codes for sign-in verification.
- Route
- /settings/profile/two-factor-authentication/TOTP
Existing deep link remains supported for compatibility.
Session policy
Static placeholder for future account-level security defaults.
- Password changes
- User managed
Profile still owns password reset and account deletion controls.
- Audit events
- Future setting
No audit-log product is being introduced here.