Securing Your Account with Two-Factor Authentication

Two-factor authentication (2FA) adds an extra layer of security to your Verk account. Even if someone gets your password, they can't get in without your phone.

How 2FA works

When you log in with 2FA enabled:

1. You enter your email and password like normal
2. Verk asks for a 6-digit code
3. You open your authenticator app and get the code
4. Enter the code and you're in

The code changes every 30 seconds, so it's nearly impossible for someone to break in.

Why you should use 2FA

Think about what's in your Verk account: your team's tasks, conversations, files, and workflows. If someone got into your account, they could:

• Read all your team's private discussions
• Delete important tasks and projects
• Access confidential documents
• Impersonate you to other team members

2FA prevents all of this. Even if your password leaks in a data breach somewhere else (it happens more often than you'd think), your Verk account stays safe.

Setting up 2FA

You'll need an authenticator app on your phone. We recommend:

• Google Authenticator (free, simple)
• Authy (free, syncs across devices)
• 1Password (if you already use it for passwords)
• Microsoft Authenticator (free, works great)

Here's how to set it up

1. Go to Settings in the top right corner
2. Click on Security in the left sidebar
3. Find Two-Factor Authentication and click Enable 2FA
4. You'll see a QR code on screen
5. Open your authenticator app and scan the QR code
6. The app will show you a 6-digit code
7. Enter that code in Verk to confirm it's working
8. Click Enable

You're all set! Next time you log in, you'll need both your password and a code from your app.

Using 2FA to log in

Once 2FA is enabled, logging in takes one extra step:

1. Enter your email and password like normal
2. Click Sign In
3. You'll see a screen asking for your 2FA code
4. Open your authenticator app
5. Find your Verk code
6. Enter the 6-digit code
7. Click Verify

The code changes every 30 seconds, but you have a little wiggle room. If the code changes while you're typing it, the old code usually still works for a few seconds.

What if I lose my phone?

If you lose access to your authenticator app, you'll need to contact our support team to regain access to your account. We take security seriously, so we'll need to verify your identity before disabling 2FA.

Here's what to do:

1. Email support@verkapp.com from the email address associated with your account
2. Include your full name and username
3. Explain that you've lost access to your 2FA device
4. Our team will guide you through identity verification
5. Once verified, we'll disable 2FA on your account temporarily
6. Log in and set up 2FA again with your new device

Tip: If you use Authy, it can back up your 2FA codes to the cloud, so you can recover them on a new phone. This is much easier than going through support.

Disabling 2FA

If you need to turn off 2FA (though we don't recommend it):

1. Go to Settings → Security
2. Find the Two-Factor Authentication section
3. Click Disable 2FA
4. Enter a code from your authenticator app to confirm
5. Click Confirm Disable

Your account will no longer require 2FA codes when logging in.

Password Management

Keeping your password secure and up-to-date is important for protecting your account.

When to change your password

You should change your password if:

• You think someone else might know it
• You've used the same password on another site that had a data breach
• You haven't changed it in over a year
• You're using a weak password (like "password123")
• You shared your password with someone and want to revoke their access

Changing your password

Note: If you signed up with Google or another single sign-on provider, you can't change your password in Verk. You need to change it through your SSO provider instead.

For regular Verk accounts:

1. Go to Settings → Security
2. Find the Change Password section
3. Enter your current password
4. Enter your new password
5. Enter your new password again to confirm
6. Click Update Password

You'll stay logged in on your current device, but you'll be logged out everywhere else. This is a security feature - if someone else was using your old password, they can't get back in.

Creating a strong password

A strong password should be:

• At least 12 characters long
• A mix of uppercase and lowercase letters
• Include numbers and symbols
• Not a word you'd find in a dictionary
• Not based on personal information (like your name or birthday)
• Unique to Verk (don't reuse passwords from other sites)

Pro tip: Use a password manager like 1Password, LastPass, or Bitwarden. They generate strong passwords and remember them for you. You only need to remember one master password.

What if I forgot my password?

If you can't remember your password:

1. Go to the Verk login page
2. Click Forgot Password?
3. Enter your email address
4. Check your email for a password reset link
5. Click the link (it expires after 1 hour)
6. Enter a new password
7. Click Reset Password

You'll be logged in automatically and can start using Verk right away.

Session Management

Session management lets you see where you're logged in and control access to your account.

Why session management matters

Every time you log in to Verk, we create a session. That session stays active so you don't have to log in every single time you visit. But if you log in from a lot of places, or if you think someone else accessed your account, you might want to end some of those sessions.

Viewing your active sessions

To see where you're logged in:

1. Go to Settings → Security
2. Find the Active Sessions section
3. You'll see a list of all devices where you're logged in

For each session, you'll see:

• Device type (Desktop, Mobile, Tablet)
• Browser (Chrome, Safari, Firefox, etc.)
• Location (city and country, based on IP address)
• Last active (when this session was last used)
• Current session (marked if it's the device you're using right now)

The location comes from your IP address, so it might not be exact. If you're using a VPN, it might show the VPN server's location instead of your real location.

Logging out of a single device

If you see a session you don't recognize, or if you left yourself logged in on a shared computer:

1. Find the session in your Active Sessions list
2. Click the Log Out button next to that session
3. That device will be logged out immediately

The next time someone tries to use Verk on that device, they'll need to log in again with your password (and 2FA code if you have it enabled).

Logging out of all devices

If you're worried someone might have access to your account, you can log out everywhere at once:

1. Go to Settings → Security
2. Find the Active Sessions section
3. Click Log Out All Devices at the top
4. Confirm that you want to log out everywhere

This will log you out on every device, including the one you're using right now. You'll be taken to the login page and need to sign in again.

When to use this:

• You think someone might have your password
• You logged in on a public computer and can't remember which one
• You're leaving the company and want to ensure no one can access your account
• You just changed your password and want to be extra safe

Understanding session duration

Verk keeps you logged in for 30 days of inactivity. If you don't use Verk for 30 days, you'll be logged out automatically and need to sign in again.

If you use Verk regularly, your session can last much longer. But if we detect suspicious activity (like logins from very different locations at the same time), we might end your sessions as a security precaution.

Security Best Practices

Here are some additional tips to keep your account secure.

Use a unique password

Never use the same password for Verk that you use anywhere else. If that other site gets hacked, attackers will try your email and password combination on every popular service, including Verk.

Enable 2FA

Seriously, enable 2FA. It's the single best thing you can do to protect your account. It takes 2 minutes to set up and stops almost all account takeover attempts.

Be careful with public Wi-Fi

When you're on public Wi-Fi at a coffee shop or airport, be extra careful. Use a VPN if you have one, and avoid accessing sensitive information.

Log out of shared computers

If you log in to Verk on a shared or public computer, always log out when you're done. Don't just close the browser - actually click Log Out in Verk.

Review your sessions regularly

Check your active sessions every few weeks. If you see anything you don't recognize, log out that session and change your password immediately.

Keep your email secure

Your email account is the key to your Verk account. If someone gets into your email, they can reset your Verk password. Enable 2FA on your email account too.

Watch out for phishing

We'll never ask for your password in an email. If you get an email claiming to be from Verk asking you to log in, hover over the links before clicking. Make sure they go to verkapp.com, not some fake domain.

What to do if your account is compromised

If you think someone else has accessed your account:

1. Change your password immediately (if you can still log in)
2. Enable 2FA (if it's not already on)
3. Log out all devices to kick out the attacker
4. Contact support at support@verkapp.com
5. Check your account for any unauthorized changes
6. Review your recent activity to see what the attacker might have accessed
7. Tell your team so they can watch out for suspicious messages from you

The faster you act, the less damage can be done.

Getting help

If you have questions about security or need help with any of these features, contact our support team at support@verkapp.com. We're here to help keep your account safe.