Password and Security
Change your Devpilot password, enable two-factor authentication with Google or Microsoft Authenticator, and review login history.
The security page is where you protect your Devpilot account. From here you can change your password, set up two-factor authentication (2FA) with an authenticator app, manage backup codes, review every login attempt on your account, and delete your account entirely.
Accessing Security Settings
- Click your avatar in the top-right corner.
- Select Account Settings.
- Click Security in the settings sidebar.
Changing Your Password
You can change your password at any time. Devpilot enforces a password rule that checks every character class.
Your new password must meet all of the following requirements:
- At least 8 characters in length
- At least one uppercase letter (A–Z)
- At least one lowercase letter (a–z)
- At least one number (0–9)
- At least one special character (for example !@#$%^&*()_+-=[]{};':"\|,.<>/?)
Passwords that fail any of these checks are rejected.
Open the Password Section
On the security page, find the Change Password form.
Enter Your Current Password
Type your current password in the Current Password field. This confirms it's really you making the change.
Enter Your New Password
Type your new password in the New Password field and confirm it in the Confirm Password field. Both values must match exactly.
Save the New Password
Click Update Password. If the new password meets every rule and your current password was correct, the change is applied immediately.
Forgot Your Password?
If you can't sign in, use the Forgot Password link on the login screen. Devpilot emails a one-time code to your registered address. Enter the code to verify your identity, then set a new password.
Two-Factor Authentication (2FA)
Two-factor authentication adds a second step to your sign-in. After entering your password you'll be asked for a 6-digit code from an authenticator app, which rotates every 30 seconds. Devpilot supports two providers:
- Google Authenticator
- Microsoft Authenticator
Both providers use the same underlying TOTP standard, so any compatible app (Authy, 1Password, etc.) will also work — the choice simply labels the provider on your account.
Setting Up 2FA
Start the Setup
In the Two-Factor Authentication section, click Enable 2FA and choose Google or Microsoft as your provider.
Scan the QR Code
Devpilot displays a QR code and a temporary setup token. Open your authenticator app and scan the QR code to add your Devpilot account. If you can't scan, use the Manual Entry Key shown beside the QR code to add the secret by hand.
Enter the Verification Code
Your authenticator app now shows a 6-digit code that refreshes every 30 seconds. Enter the current code in the Verification Code field. You have 15 minutes to complete this step before the setup token expires.
Save Your Backup Codes
After you verify, Devpilot returns ten backup codes. Each code is single-use. Copy or download them and store them somewhere safe. They're the only way to sign in if you lose access to your authenticator app.
From your next sign-in onward, you'll be asked for both your password and a 6-digit code.
Devpilot accepts any 6-digit code generated within roughly the last 90 seconds. This means a code that just rolled over on your authenticator can still be entered for a short window after it disappears.
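The acceptance window described above, shown as an added example (not Devpilot's code) of server-side TOTP verification per RFC 6238. It assumes HMAC-SHA1, that "roughly 90 seconds" means the current 30-second step plus the two before it, and a hypothetical per-account `last_used_step` value that stops a code from being replayed inside that window; the secret is the RFC 6238 test key.

```python
import hashlib
import hmac
import struct

STEP = 30        # seconds per code, as stated on this page
DIGITS = 6       # code length, as stated on this page
PAST_STEPS = 2   # assumption: ~90 s = current step + 2 previous steps
RFC_SECRET = b"12345678901234567890"  # RFC 6238 test key, not a real secret


def totp(secret: bytes, counter: int) -> str:
    """RFC 4226 dynamic truncation over a time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret: bytes, code: str, now: float, last_used_step: int = -1):
    """Return the matched time step, or None if the code is rejected.

    The caller stores the returned step as last_used_step (hypothetical
    field) so the same code cannot be accepted twice.
    """
    if len(code) != DIGITS or not code.isascii() or not code.isdigit():
        return None
    current = int(now) // STEP
    matched = None
    # Check every step in the window; never look ahead of the server clock.
    for step in range(current, max(current - PAST_STEPS, 0) - 1, -1):
        if hmac.compare_digest(totp(secret, step), code) and matched is None:
            matched = step
    if matched is None or matched <= last_used_step:
        return None  # wrong code, too old, or already used
    return matched


if __name__ == "__main__":
    code = totp(RFC_SECRET, 59 // STEP)           # code shown at t = 59 s
    print(code, verify(RFC_SECRET, code, now=59))
    print("60 s later:", verify(RFC_SECRET, code, now=119))
    print("61 s later:", verify(RFC_SECRET, code, now=120))
    print("replayed:  ", verify(RFC_SECRET, code, now=59, last_used_step=1))
```

A wider window tolerates clock drift and slow typing, but it also lengthens the time an intercepted code stays usable, which is why the replay check matters.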
Disabling 2FA
To turn off two-factor authentication you must prove you still have access to your authenticator:
Open the 2FA Section
Scroll to Two-Factor Authentication in the security page.
Click Disable 2FA
Click the Disable 2FA button.
Enter a Valid Code
Enter a current 6-digit code from your authenticator app, or one of your unused backup codes, in the confirmation field. Click Confirm.
If the code is valid, 2FA is removed and future sign-ins require only your password.
Regenerating Backup Codes
If you've used most of your backup codes or suspect they've been exposed, you can regenerate a fresh set of ten:
- In the Two-Factor Authentication section, click Regenerate Backup Codes.
- Enter a current 6-digit code from your authenticator app to confirm.
- Copy and store the new codes. The previous set is invalidated immediately.
If you lose access to both your authenticator app and all of your backup codes, contact Devpilot support. Recovery requires identity verification.
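The backup-code lifecycle described in this section (ten codes, each single-use, previous set invalidated on regeneration), shown as an added example that is not Devpilot's code. The `BackupCodes` class, the code format and the choice to store only SHA-256 digests are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

CODE_COUNT = 10                                  # ten codes per set, per this page
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"    # constructed: 32 symbols, no 0/O/1/I
CODE_LEN = 16                                    # constructed: 16 symbols = 80 bits


class BackupCodes:
    """Hypothetical server-side store for one account's backup codes."""

    def __init__(self):
        self._unused = set()   # digests only; plaintext is shown to the user once

    @staticmethod
    def _digest(code: str) -> str:
        normalised = code.replace("-", "").replace(" ", "").upper()
        return hashlib.sha256(normalised.encode()).hexdigest()

    def regenerate(self) -> list:
        """Issue a fresh set; replacing the set invalidates every old code."""
        raw = ["".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN))
               for _ in range(CODE_COUNT)]
        self._unused = {self._digest(c) for c in raw}
        # Group in fours for readability, e.g. ABCD-EFGH-JKLM-NPQR
        return ["-".join(c[i:i + 4] for i in range(0, CODE_LEN, 4)) for c in raw]

    def redeem(self, code: str) -> bool:
        """Accept an unused code exactly once."""
        candidate = self._digest(code)
        match = None
        for stored in self._unused:
            if hmac.compare_digest(stored, candidate):
                match = stored
        if match is None:
            return False
        self._unused.discard(match)   # single-use: remove on success
        return True

    def remaining(self) -> int:
        return len(self._unused)
```

Because only digests are kept, a database leak does not reveal usable codes, provided the codes carry enough entropy that guessing them offline is impractical.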
Login History
The login history section lists every sign-in attempt on your account, successful or not. This helps you spot unfamiliar activity quickly.
Each entry includes:
| Field | Description |
|---|---|
| Date and time | When the attempt happened, displayed in your configured timezone. |
| IP address | The IP address the request came from. |
| Location | Approximate geographic location when available. |
| Device | Desktop, mobile, or tablet. |
| Browser | Browser name and version (for example, Chrome 143). |
| Operating system | OS name and version (for example, macOS 10.15.7). |
| Status | Whether the sign-in succeeded or failed. |
| Failure reason | For failed attempts, the reason (for example, "Incorrect password provided"). |
Devpilot also flags attempts from a new device or a new location so you can easily identify unusual sessions.
If you see a login from an IP address, location, or device you don't recognise, change your password immediately and enable 2FA if it isn't already on.
New-Device and New-Location Alerts
When Devpilot detects a sign-in from a device or location it hasn't seen before, it creates a notification in your account inbox. These appear on the Notifications page and let you confirm or investigate the sign-in.
Managing Social Sign-In
If you sign in with Google or Microsoft, those providers appear under Connected Social Accounts on the Profile page. You can disconnect any provider you no longer want to use as a sign-in method.
Deleting Your Account
Account deletion is permanent. It soft-deletes your user record and revokes every active access token. You must re-enter your password; if you have 2FA enabled you must also supply a current 2FA or backup code.
Open the Delete Section
On the security page, scroll to Delete Account.
Confirm Your Password
Enter your current password in the confirmation field.
Provide a 2FA Code
If 2FA is enabled, enter a current authenticator code or an unused backup code.
Confirm Deletion
Click Delete Account. All of your tokens are revoked and your account is deactivated.
Before deleting, transfer ownership of any workspaces you own. Otherwise those workspaces may become inaccessible to their members.
Security Best Practices
- Use a unique password you don't reuse anywhere else.
- Enable 2FA — it stops attackers even if your password leaks.
- Store backup codes offline, for example in a password-manager vault.
- Review login history regularly and investigate anything unfamiliar.
- Disconnect social providers you no longer use.