> ## Documentation Index
> Fetch the complete documentation index at: https://docs.upmetr.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Account & Security

> Manage your profile, password, multi-factor authentication, and notification preferences

Your account settings are available at **Account** (click your avatar in the sidebar). The page is organized into four tabs: **Profile**, **Password**, **Security**, and **Notifications**.

***

## Profile

The Profile tab lets you manage your personal information and avatar.

### Editing Your Name and Email

1. Go to **Account > Profile**
2. Update your **Full Name** or **Email**
3. Click **Save Changes**

<Note>
  Changing your email will update your login credentials. Make sure you have access to the new email address before saving.
</Note>

### Uploading an Avatar

1. Click the **camera icon** on your current avatar
2. Select an image file from your device
3. The avatar uploads automatically and appears across the platform

To remove your avatar, click the **delete icon** next to it.

***

## Password

### Changing Your Password

1. Go to **Account > Password**
2. Enter your **current password**
3. Enter a **new password** and confirm it
4. Click **Change Password**

### Password Requirements

Your password must meet all of the following:

| Requirement           | Description                                       |
| --------------------- | ------------------------------------------------- |
| **Length**            | At least 12 characters                            |
| **Uppercase**         | At least one uppercase letter (A-Z)               |
| **Lowercase**         | At least one lowercase letter (a-z)               |
| **Number**            | At least one digit (0-9)                          |
| **Special character** | At least one special character (e.g., `!@#$%^&*`) |

<Tip>
  Use a password manager to generate and store strong passwords. Avoid reusing passwords from other services.
</Tip>

***

## Multi-Factor Authentication (MFA)

MFA adds a second layer of protection to your account using a time-based one-time password (TOTP). After enabling MFA, you will need both your password and a 6-digit code from your authenticator app to sign in.

### Setting Up MFA

1. Go to **Account > Security**
2. Click **Enable MFA**
3. A **QR code** is displayed on screen
4. Open your authenticator app (Google Authenticator, Authy, 1Password, Microsoft Authenticator, or any TOTP-compatible app) and scan the QR code
5. Enter the **6-digit verification code** shown in your authenticator app
6. Click **Verify** to confirm setup

<Warning>
  After verification, your **backup codes** are displayed. These are shown **only once**. Download or copy them immediately and store them in a safe place. You will need a backup code if you lose access to your authenticator app.
</Warning>

### Backup Codes

When MFA is first enabled, you receive a set of one-time backup codes. Each code can only be used once.

* **Copy** — copies all codes to your clipboard
* **Download** — saves codes as a `upmetr-backup-codes.txt` file

You can view remaining backup codes or regenerate new ones from the Security tab. Regenerating codes requires a valid 6-digit code from your authenticator app and **invalidates all previous backup codes**.

### Disabling MFA

1. Go to **Account > Security**
2. Click **Disable MFA**
3. Enter a valid **6-digit code** from your authenticator app to confirm
4. MFA is removed from your account

### Logging In with MFA

When MFA is enabled, the login flow adds a verification step:

1. Enter your **email** and **password** as usual
2. You are redirected to the **Two-Factor Authentication** page
3. Enter the **6-digit code** from your authenticator app
4. The code auto-submits when all 6 digits are entered

If you do not have access to your authenticator app, click **"Use a backup code instead"** and enter one of your saved backup codes in the `XXXX-XXXX` format.

<Note>
  Each backup code can only be used once. After using a backup code, it is permanently consumed.
</Note>

***

## Magic Link

Magic Link provides **passwordless login** via a one-time email link. This is useful when you do not remember your password or prefer not to type it.

### How to Use Magic Link

1. On the login page, click **"Sign in with Magic Link"**
2. Enter your **email address**
3. Click **Send Magic Link**
4. Check your inbox for an email from Upmetr
5. Click the link in the email to sign in instantly

### Important Details

| Detail            | Value                                                                                   |
| ----------------- | --------------------------------------------------------------------------------------- |
| **Link expiry**   | 15 minutes                                                                              |
| **Rate limiting** | One request at a time (wait before requesting again)                                    |
| **MFA**           | If MFA is enabled, you will still need to complete the MFA step after clicking the link |

<Tip>
  For security, the confirmation page always says "If an account exists for this email..." regardless of whether the email is registered. This prevents email enumeration.
</Tip>

***

## Notification Preferences

Personal notification preferences are managed at **Account > Notifications**. These control which alerts **you** receive — they do not affect organization-wide notification channels configured in Settings > Integrations.

### Push Notifications

Toggle **Browser push notifications** to receive OS-level alerts even when the Upmetr tab is in the background.

* Your browser must grant notification permission when prompted
* **In-app notifications** can be toggled independently
* Use the **Send Test Notification** button to verify push is working

### Severity Filter

Choose which severity levels trigger notifications for your account:

| Severity     | Description                                 |
| ------------ | ------------------------------------------- |
| **Critical** | Urgent issues requiring immediate attention |
| **Warning**  | Potential problems that may escalate        |
| **Info**     | Informational events and status updates     |

When no severities are explicitly selected, you receive **all** notifications.

### Event Type Filter

Choose which event types trigger notifications:

* Monitor Down / Monitor Recovered
* SSL Expiring / SSL Expired
* Budget Threshold / Budget Exceeded
* Incident Created / Incident Resolved

When no event types are explicitly selected, you receive **all** event types.

### Quiet Hours

Quiet hours suppress push notifications during a specified time window (e.g., 22:00 to 07:00). Configure quiet hours via the API using the `quiet_hours_start` and `quiet_hours_end` fields on your notification preferences.

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="I'm locked out of my account and MFA is enabled">
    If you have your **backup codes**, use one to sign in:

    1. Go to the login page and enter your email and password
    2. On the MFA verification screen, click **"Use a backup code instead"**
    3. Enter a backup code in `XXXX-XXXX` format

    If you have no remaining backup codes and cannot access your authenticator app, contact your organization administrator to reset MFA on your account.
  </Accordion>

  <Accordion title="I didn't receive the magic link email">
    * Check your **spam/junk** folder
    * Verify you entered the correct email address
    * Wait at least 2 minutes before requesting another link (rate limiting applies)
    * The link expires after **15 minutes** — request a new one if it has expired
    * If using a corporate email, check if your email provider is blocking emails from `noreply@upmetr.com`
  </Accordion>

  <Accordion title="Push notifications are not working">
    1. **Browser permission** — Make sure you allowed notifications when prompted. Check `chrome://settings/content/notifications` (Chrome) or your browser's equivalent.
    2. **Operating system** — Ensure notifications are enabled at the OS level:
       * **macOS**: System Settings > Notifications > your browser
       * **Windows**: Settings > System > Notifications
       * **Linux**: Check your desktop environment notification settings
    3. **Toggle** — Try disabling and re-enabling push notifications in Account > Notifications
    4. **Test** — Use the "Send Test Notification" button to verify the setup
  </Accordion>

  <Accordion title="My backup codes are lost">
    If you still have access to your authenticator app:

    1. Go to **Account > Security**
    2. Click **Regenerate Backup Codes**
    3. Enter a valid 6-digit code from your authenticator app
    4. New codes are generated — **save them immediately**

    Regenerating codes invalidates all previous backup codes.
  </Accordion>
</AccordionGroup>
