> ## Documentation Index
> Fetch the complete documentation index at: https://docs.passlet.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Account & security

> Profile, passkeys, two-factor authentication, passwords, sessions, and notifications.

Personal account settings live under **Settings → Account** and apply to you across all workspaces.

## Profile

**Settings → Profile** — display name, email address (changes require verification through the new address), a link to notification preferences, and a danger zone to request account deletion.

## Sign-in & security

**Settings → Sign-in & security** manages how you authenticate:

* **Passkeys** — phishing-resistant sign-in bound to your device (Face ID, Windows Hello,
  hardware keys). Recommended as your primary method; they can fully replace your password.
* **Two-step verification** — TOTP via an authenticator app. Some workspaces
  [require this](/guides/workspace-settings#policy) for all members.
* **Password** — optional if you use passkeys; minimum 12 characters with a strength meter.
* **Active sessions** — every signed-in device; revoke one or sign out all other sessions.

Sensitive changes (removing a passkey, changing email) trigger a **step-up re-authentication** prompt even inside an active session.

## Notifications

The bell icon opens the in-app notification center. **Notification preferences** (linked from Profile or the notifications page) control per-category in-app and email delivery — including access-token expiry warnings; see [Access tokens](/developers/access-tokens).
