Lesson 5 of 5 · 4 min
Security: Password, Sessions & 2FA
Keep your account safe by managing your password, reviewing active sessions, and enabling two-factor authentication.
Security: Password, Sessions & 2FA
Video coming soon
Lesson Notes
The Security section lives at /settings/security and contains three sub-pages: Password, Sessions, and 2FA. These are the only settings that gate access to your account at the authentication layer rather than at the Vremly application layer, making them worth understanding even if you rarely touch them.
The Password page at /settings/security/password requires you to enter your Current Password, then your New Password (minimum 8 characters), and then Confirm New Password. If the two new-password fields do not match, an error toast fires and the save is blocked. Successful saves clear all three fields. If you signed up via Google or Facebook and have never set a password, you will not see the password fields — instead the page will indicate that your account uses SSO sign-in. To change your email-and-password, set one here first before adding it as a sign-in method.
Sessions at /settings/security/sessions lists every active Clerk session for your account, identified by browser and operating system (e.g. 'Chrome on macOS', 'Safari on iPhone'). The current session is highlighted with a blue border and a 'Current session' label. Each other session has a Revoke button that terminates it immediately — useful if you notice a device you do not recognize or forgot to sign out on a public computer. The Revoke all other sessions button at the top right ends every session except the one you are currently using in one click.
2FA at /settings/security/2fa is a simple toggle that enables or disables email-based two-factor authentication. When on (the default), every new sign-in will trigger a verification code email to your address. Toggle it off if you prefer faster logins, but understand the security trade-off: without 2FA, anyone who obtains your password can access your account immediately. After toggling, the page reloads to refresh your authentication state from bootstrap. On the iOS app, security settings are under Settings > Security, which navigates to a SecurityView that handles the same flows using Clerk's iOS SDK.
Key Takeaways
- Change your password under Settings > Security > Password — minimum 8 characters, current password required.
- Review Sessions regularly and revoke any devices you do not recognize.
- 'Revoke all other sessions' is the fastest way to secure your account if you think you left yourself signed in somewhere.
- Two-factor authentication is on by default — keep it enabled for best account security.