Keeping your UMAP360 account secure takes a few minutes and protects everything inside your workspace — your data, your team, and your billing. This page covers your password, two-factor authentication, how sessions work, and a few habits worth adopting.
You'll find these controls under Settings → Security in the sidebar.
Change your password
Update your password any time from Settings → Security → Change Password.
Every password — at signup, on reset, and on change — must meet all of these rules:
| Rule | Requirement |
|---|---|
| Length | At least 8 characters |
| Uppercase | At least one uppercase letter (A–Z) |
| Lowercase | At least one lowercase letter (a–z) |
| Number | At least one digit (0–9) |
| Special character | At least one symbol (anything non-letter, non-number) |
The New Password field shows an inline hint as you type and checks your entry before you submit, so a weak password is caught right away.
Forgot your password?
You don't need to be signed in to reset it. On the login page, click Forgot password?, enter your email, and follow the reset link we send you. The new password must meet the same rules above.
Turn on two-factor authentication
Two-factor authentication (2FA, also called MFA) adds a second check at sign-in: even if someone learns your password, they still can't get in without a code from your phone. We strongly recommend enabling it.
To set it up under Settings → Security → Two-Factor Authentication:
- Start the setup — a QR code appears.
- Scan the QR code with an authenticator app (Google Authenticator, Authy, 1Password, and similar all work).
- Enter the current 6-digit code from the app to confirm.
Once 2FA is on, every sign-in works like this:
- Enter your email and password as usual.
- A verification screen asks for your current 6-digit code.
- Open your authenticator app, type the code, and confirm.
If you ever type the code wrong, just re-enter it — no need to start over.
Disabling 2FA needs your password
For your protection, turning 2FA back off requires you to re-enter your account password first. Keep your authenticator app handy until you've fully signed in.
How sessions work
For security, every session lasts 24 hours — there is no "remember me" option, and the limit applies to all accounts.
- After 24 hours you're returned to the login page with a "Your session expired" message.
- Signing in again restores your session right away.
The Security tab shows an informational card describing this 24-hour policy. It's read-only — the limit is built in and protects every account the same way.
Security best practices
A few habits go a long way:
- Use a strong, unique password that meets the policy above — don't reuse a password from another service.
- Turn on two-factor authentication. It's the single biggest upgrade to your account's safety.
- Never share your login. To give a teammate access, invite them instead — see team and roles — so everyone has their own credentials and role.
- Reset your password immediately if you suspect anyone else has access.
- Keep API keys out of the wrong hands. Treat them like passwords, and rotate or revoke them as needed — see API keys.
Changing your sign-in email
Your login email can't be changed from the dashboard today. If you need to update it, contact support.
Next steps
- Account overview — everything in your account settings at a glance
- Profile and organization — your display name and workspace details
- Team and roles — invite teammates and choose what they can do
- API keys — create, rotate, and revoke keys for your integrations
- How your data is stored — how we keep your information secure
Last updated 2026-06-11