MenuAccount & Settings
Account & Settings

Security Settings

7 min read46 viewsOctober 16, 2025
On this page

Security Settings

Your Quixli account may contain sensitive documents, confidential business information, and personal data. Securing your account is essential to protecting not just your own content, but also the shared documents and collaborations that depend on your access credentials.

This guide covers password management, two-factor authentication (2FA), session monitoring, and security best practices to keep your account safe.

Password Security

Your password is the first line of defense for your Quixli account. A strong, unique password dramatically reduces the risk of unauthorized access.

Creating a Strong Password

Quixli requires passwords to be at least 8 characters long, but we strongly recommend going further:

  • Use at least 12 characters — longer passwords are exponentially harder to crack

  • Mix character types: Include uppercase letters, lowercase letters, numbers, and symbols

  • Avoid personal information: Don't use your name, birthday, company name, or common words

  • Don't reuse passwords: Your Quixli password should be unique — not used for any other service

Recommendation: Use a password manager like 1Password, Bitwarden, or Apple Keychain to generate and store a random, unique password for Quixli. This eliminates the need to remember complex passwords while ensuring maximum security.

Changing Your Password

To change your password:

  1. Go to Settings > Security

  1. Click "Change Password"

  1. Enter your current password to verify your identity

  1. Enter and confirm your new password

  1. Click "Update Password" — the change takes effect immediately

After changing your password, all other active sessions are automatically signed out for security. You'll need to log in again on any other devices.

Two-Factor Authentication (2FA)

Two-factor authentication adds a second layer of security to your account. Even if someone obtains your password, they won't be able to log in without access to your authenticator device. We strongly recommend enabling 2FA for all accounts, especially those with access to shared or sensitive content.

Setting Up 2FA

Follow these steps to enable two-factor authentication:

  1. Go to Settings > Security

  1. Click "Enable Two-Factor Authentication"

  1. Open your authenticator app (Google Authenticator, Authy, 1Password, or any TOTP-compatible app)

  1. Scan the QR code displayed on screen with your authenticator app

  1. Enter the 6-digit verification code shown in your authenticator app to confirm setup

  1. Save your backup codes: Quixli generates 10 one-time backup codes. Download or print them and store them in a secure location — these are your lifeline if you lose access to your authenticator app

Save Your Backup Codes

Backup codes are shown only once during setup. If you lose both your authenticator device and your backup codes, you will need to contact support to regain access to your account, which requires identity verification and may take several business days.

Active Sessions

The Active Sessions panel shows every device and browser currently logged into your Quixli account. For each session, you can see:

  • Device type and operating system (e.g., "Chrome on macOS")

  • IP address and approximate location

  • Last activity timestamp

  • Whether it's the current session

If you see a session you don't recognize, click "Sign Out" next to it to immediately revoke access. If you're concerned about unauthorized access, click "Sign Out All Other Sessions" to terminate every session except the one you're currently using.

Security Best Practices

  • Enable 2FA immediately: This is the single most effective step you can take to protect your account

  • Review active sessions monthly: Check for unfamiliar devices or locations and revoke any sessions you don't recognize

  • Use a unique password: Never reuse your Quixli password on other services. A data breach on another platform could expose your Quixli account

  • Be cautious with shared devices: Always sign out when using Quixli on a shared or public computer. Don't use "Remember Me" on devices you don't own

  • Keep your email secure: Your email address is the recovery mechanism for your Quixli account. If someone gains access to your email, they can reset your Quixli password

Frequently Asked Questions

What if I lose my authenticator device?

Use one of your 10 backup codes to log in. Each code can only be used once. After logging in, go to Settings > Security to disable and re-enable 2FA with your new device. If you've also lost your backup codes, contact support at [email protected] with your account email for identity verification.

Can workspace admins enforce 2FA for all members?

Yes. Workspace admins can enable "Require 2FA" in workspace security settings. Members without 2FA enabled will be prompted to set it up on their next login and won't be able to access the workspace until they do.

Does Quixli support hardware security keys like YubiKey?

Yes. Quixli supports FIDO2/WebAuthn hardware security keys as a 2FA method on Pro and Team plans. Go to Settings > Security > Two-Factor Authentication and choose "Security Key" during setup. You can register up to 5 keys as backup for each other.

How do I know if someone else has logged into my account?

Check Settings > Security > Active Sessions. This shows every device and location currently logged into your account, including browser type, IP address, and last activity time. If you see an unfamiliar session, click "Revoke" to terminate it immediately, then change your password.

Can I restrict login to specific IP addresses?

IP allowlisting is available on Enterprise plans. Workspace admins can configure a list of approved IP ranges in Workspace Settings > Security > IP Restrictions. Login attempts from non-approved IPs are blocked, even with valid credentials. This is useful for organizations that require VPN or office-network access.

Was this article helpful?