Account & Security

Go to your account page, open the Security tab, and follow the 2FA setup wizard. The wizard will guide you through scanning and confirming your code.

XWMS supports most standard TOTP authenticator apps, including Google Authenticator, Microsoft Authenticator, and the built-in iPhone authenticator scanner.

You can disable 2FA from the same Security tab in your account settings. For safety, XWMS may ask you to confirm your identity first.

Use the advanced account recovery flow on the sign page and select Recover account from the left side. This is the fastest way to regain secure access.

Open your account page and go to the Security tab to update your email address. Changes may require a verification step to protect your account.

You can update your password from the Security section in your account dashboard. Choose a strong password that is unique to XWMS.

This usually happens when a login comes from a new device, browser, or location. For example, logging in while traveling can trigger a security alert.

Active sessions are listed in your account dashboard at /account. Review this list regularly to ensure only trusted devices are connected.

XWMS currently does not provide a one-click log out from every device. You can remove all other sessions manually while keeping your current session active.

Not at the moment. IP-based login restrictions are not yet available in the current account settings.

Open Account and then Security to see all available protection options, including password and 2FA controls. Enable as many layers as possible for better security.

Immediately remove unknown sessions and change your password. Then review your account settings and contact support if you notice any unauthorized changes.

A temporary lock is triggered when unusual activity suggests someone else may have tried to access your account. This lock protects your data until ownership is confirmed.

Account lockout remains active until account ownership has been verified. Once verification is complete, access is restored.

Passwords must be at least 8 characters and include at least one uppercase letter, one lowercase letter, and one number. Stronger passwords are always recommended.

Not yet. Passkeys and passwordless login are planned but are not currently available.

Enable 2FA, verify website URLs before signing in, and never share login or recovery codes. If something feels suspicious, reset your password immediately.

XWMS uses secure hashing and encrypted storage layers, and limits system exposure to reduce risk. Security controls are designed to protect customer data even during incident response.

The internal authentication encryption implementation is not publicly documented. XWMS keeps these details restricted as part of its security model.

Not at this time. SSO is currently not available.

This is not yet available in the current account model. User access controls will follow once multi-user management is released.

Detailed login audit reporting is not yet available to customers. This capability is planned for a future security update.

Regenerate your credentials immediately and treat the old values as compromised. Then review recent activity and remove any unknown integrations.

You can regenerate your credentials from your account dashboard. Update every connected system right after rotating the keys.

XWMS verifies account ownership through methods such as email verification and 2FA checks. Additional validation may be requested in recovery cases.

Accounts are suspended when there are violations of the terms and conditions. Please review /terms for the policy details.

Use strong unique passwords, enable 2FA, and prefer trusted password tools such as Apple Passwords or Google Authenticator. Avoid reusing credentials across services.

As a baseline, update your password at least twice per year. Change it immediately if you suspect exposure or unusual account activity.

Please report security issues through /support with clear reproduction steps and impact details. The security team will investigate and follow up.