Account & Security

Go to https://xwms.nl/sign to start the registration flow. You can also use /signup directly, while /login is for existing users.

Open the login page, enter your email address, click Next, and choose the Forgot password option. You will receive instructions to securely set a new password.

Go to your account page, open the Security tab, and follow the 2FA setup wizard. The wizard will guide you through scanning and confirming your code.

XWMS supports most standard TOTP authenticator apps, including Google Authenticator, Microsoft Authenticator, and the built-in iPhone authenticator scanner.

You can disable 2FA from the same Security tab in your account settings. For safety, XWMS may ask you to confirm your identity first.

Use the advanced account recovery flow on the sign page and select Recover account from the left side. This is the fastest way to regain secure access.

Start from the sign page and choose Recover account to begin the guided recovery process. If you still cannot access your account, contact support for manual verification.

Open your account page and go to the Security tab to update your email address. Changes may require a verification step to protect your account.

You can update your password from the Security section in your account dashboard. Choose a strong password that is unique to XWMS.

This usually happens when a login comes from a new device, browser, or location. For example, logging in while traveling can trigger a security alert.

Active sessions are listed in your account dashboard at /account. Review this list regularly to ensure only trusted devices are connected.

XWMS currently does not provide a one-click log out from every device. You can remove all other sessions manually while keeping your current session active.

Not at the moment. IP-based login restrictions are not yet available in the current account settings.

Open Account and then Security to see all available protection options, including password and 2FA controls. Enable as many layers as possible for better security.

Immediately remove unknown sessions and change your password. Then review your account settings and contact support if you notice any unauthorized changes.

A temporary lock is triggered when unusual activity suggests someone else may have tried to access your account. This lock protects your data until ownership is confirmed.

Account lockout remains active until account ownership has been verified. Once verification is complete, access is restored.

Email verification is built into the account flow, and only verified emails are accepted for active XWMS users. Follow the on-screen steps during sign-up or first login.

An account cannot be activated without a verified email address. In practice, unverified email addresses are blocked from completing registration.

Account deletion is handled by support to prevent accidental data loss. Submit your request through /contact and include your account details.

You can update your profile name easily from your account dashboard. If your exact username is locked, contact support for the available options.

Notification settings are not configurable yet. This option is planned for a future dashboard update.

First confirm you entered the correct login details and email address. Also check spam or junk folders, then contact support if messages still do not arrive.

You can edit your profile information from your account page. Save your changes and confirm any requested verification steps.

Passwords must be at least 8 characters and include at least one uppercase letter, one lowercase letter, and one number. Stronger passwords are always recommended.

Not yet. Passkeys and passwordless login are planned but are not currently available.

OAuth provider login is being expanded. Google support is planned first, with additional providers such as Microsoft and Apple following later.

When you sign in with a supported provider, XWMS links and syncs your email automatically. Additional provider options will be added over time.

Not yet. Unlinking a connected OAuth provider is planned for a future account settings update.

Enable 2FA, verify website URLs before signing in, and never share login or recovery codes. If something feels suspicious, reset your password immediately.

XWMS uses secure hashing and encrypted storage layers, and limits system exposure to reduce risk. Security controls are designed to protect customer data even during incident response.

The internal authentication encryption implementation is not publicly documented. XWMS keeps these details restricted as part of its security model.

Not at this time. SSO is currently not available.

SSO configuration is not available yet because SSO is not currently supported. This feature may be introduced in a future release.

Not yet. Multi-user account management is not currently supported.

Role assignment is not available right now because multi-user role management has not been released yet.

This is not yet available in the current account model. User access controls will follow once multi-user management is released.

Detailed login audit reporting is not yet available to customers. This capability is planned for a future security update.

Regenerate your credentials immediately and treat the old values as compromised. Then review recent activity and remove any unknown integrations.

You can regenerate your credentials from your account dashboard. Update every connected system right after rotating the keys.

Not yet. Login alert preferences are planned for a future dashboard release.

Timezone and region settings can be changed in your account dashboard. These settings affect how dates, times, and localized views are shown.

XWMS verifies account ownership through methods such as email verification and 2FA checks. Additional validation may be requested in recovery cases.

Not at this moment. Account data export is planned for a future dashboard update.

Visit /support and submit an account recovery request with as much detail as possible. The support team will guide you through verification.

Accounts are suspended when there are violations of the terms and conditions. Please review /terms for the policy details.

Submit an appeal through the support page and include the relevant account information. The team will review the case and respond with next steps.

Use strong unique passwords, enable 2FA, and prefer trusted password tools such as Apple Passwords or Google Authenticator. Avoid reusing credentials across services.

As a baseline, update your password at least twice per year. Change it immediately if you suspect exposure or unusual account activity.

Please report security issues through /support with clear reproduction steps and impact details. The security team will investigate and follow up.