Account security

Keeping your ConfigX account secure.

We have strict requirements for account security and always require two-factor authentication.

Passwords

When creating an account, we will validate and reject passwords that are likely weak or compromised.

We strongly recommend using a password manager and generating a unique, complex password that you do not use with any other service.

You can also add a Passkey to your account for passwordless login (recommended).

E-mail verification

To enable password recovery and more strongly prove your identity, we require every account to have a validated e-mail address.

You must validate your e-mail address before you can trigger agent deployments and perform certain account actions.

Two-factor authentication

We support authenticator apps (TOTP) and Passkeys (webauthn). We recommend using Passkeys.

You must add at least one authenticator app or device to your account before you can trigger deployments.

You will be prompted for two-factor authentication whenever you trigger a deployment.

Sessions

Your session may be terminated automatically if conditions change, such as:

Change in device / user agent
Change in IP address / location
Detection of suspicious activity

By default, all sessions are locked to the IP address from which they originated. This can be disabled from your account settings if needed. (The "Stay logged in" feature is always IP locked.)

You can review and terminate active sessions in your account settings. We recommend regularly reviewing your sessions for irregular activity.

PreviousSecurity overview NextAgent security

Last updated 2 years ago