Docs

Security & Access

Manage account sessions, passkeys, passwords, and access controls.

Overview

Security & Access lets you review devices signed into Attia and manage the sign-in protection on your account.

Attia settings showing the security and access page

Open Settings > Account > Security & Access to view sessions, add passkeys, manage two-step verification, manage your password, and review account-level access sections.

Sessions

The Sessions section shows your current session and any other active sessions for your account. Each row can include the browser or device name, the IP address or location when available, and when the session was last active.

Your current session is marked as the current session. Use Log out to end it.

For other active sessions, use Revoke on an individual row to remove that device's access. Use Revoke all to revoke every other active session while keeping your current session signed in.

Attia only shows active sessions here. Inactive sessions are expired by the authentication policy for your account.

Passkeys

Passkeys let you sign in securely without relying on a password. They are supported by major browsers, operating systems, and many password managers.

Use New passkey to register a device or password manager. You can register more than one passkey. Existing passkeys show their label, when they were created, and when they were last used.

Attia may ask you to reverify your identity before adding a new passkey.

Two-step verification

The Two-step verification section shows whether an authenticator application is enabled for your account. It also shows whether backup codes have been generated.

Use Generate to create backup codes. If backup codes already exist, use Regenerate to replace them. Store backup codes somewhere safe because each code can only be used once.

Password

The Password section shows whether your account has a password. Use Set password or Change password to open the secure account settings flow.

Personal API keys

Personal API keys are planned for account-level integrations. This section is shown as Coming soon until API access is available.

When personal API keys are available, this section will be where you create and revoke keys associated with your account.

Authorized applications

Authorized applications are planned for third-party OAuth applications that can access your account after you approve them.

This section is shown as Coming soon until OAuth application access is available. When it is available, you will be able to review approved applications and revoke access you no longer want to grant.