> For the complete documentation index, see [llms.txt](https://docs.flylogs.com/fcom/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.flylogs.com/fcom/first-steps/account-security.md).

# Account security

Keeping a complex enough password, regularly updated sometimes could not be enought to maintain login credentials secure. Nowadays hacking methods are getting more sophisticated and so the security measures must.

Flylogs allows you to easily update your password from your user settings page, you can do so as often as you'd like. We encourage you to do so at least once a year.

On top of that, as an extra safety measure, upon every login from a different IP address, or every 7 days from the same address, Flylogs can send you a security code to be entered upon login. This code validation is a Second security measure, a **2FA** (Two-Factor Authentication) called in the IT industry.

### 2FA options

From your **Security Settings** page, you can choose between three 2FA methods:

* **Off** — no extra code is requested upon login, only your password is checked.
* **Email** — Flylogs sends a 6 digit security code to your email address, which you must enter to complete the login.
* **Authenticator App** — a 6 digit code is generated by an authenticator app on your phone (e.g. Google Authenticator), which you must enter to complete the login.

{% hint style="info" %}
**2FA is mandatory for all company managers**, who must select either "Email" or "Authenticator App". The "Off" option is only available to non-manager users (pilots, FIs, mechanics, students), for whom 2FA remains optional but strongly recommended as an extra layer of security.
{% endhint %}

### Auto-lock Screen

Flylogs includes an **Auto-lock screen** feature that adds an extra layer of protection when you step away from your device. When enabled, the app will automatically lock after a period of inactivity and require you to re-enter your password before continuing.

<figure><img src="/files/tJ62niCoOILyAgARizJ7" alt="Auto-lock screen toggle in Security settings" width="563"><figcaption><p>The Auto-lock screen option is found in the Security section of your account settings</p></figcaption></figure>

When the screen locks, you will see a prompt showing your name and profile picture. Enter your account password to unlock and resume where you left off. You can also sign out entirely from this screen.

<figure><img src="/files/HOijnVaqrMaLm2PmhRtR" alt="Lock screen overlay requiring password to continue" width="375"><figcaption><p>The lock screen requires your password to resume the session</p></figcaption></figure>

{% hint style="info" %}
The Auto-lock screen is **enabled by default**. If you are working on a private, trusted device and do not need this protection, you can disable it from your **Security Settings** by toggling off the **Auto-lock screen** option.
{% endhint %}

If you have a passkey registered, you can also tap **Unlock with passkey** on the lock screen to resume your session with your fingerprint or Face ID instead of typing your password. See [Passkeys](#passkeys) below.

### Enable Google Authenticator 2FA

**How to Get Started**

Setting up Google Authenticator is a quick and simple process.

1. **Download the App:** The Google Authenticator app is available for free on both Android and iOS devices.
   * [Download on the Google Play Store](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2)
   * [Download on the Apple App Store](https://apps.apple.com/us/app/google-authenticator/id388497605)
2. **Enable in Your Settings:** Navigate to your account's **Security Settings** page, and select **Authenticator App** under Two-Factor Authentication.
3. **Scan the QR code:** A setup dialog will appear with a QR code. Scan it with your authenticator app, or enter the secret manually if you can't scan it. Once your app shows a 6 digit code, click **I have set up my app** to finish linking your account.

### Passkeys

Passkeys are the **safest and most convenient** way to access your account. A passkey lets you sign in or unlock your account using your device's **fingerprint, Face ID, or screen lock**, instead of typing a password.

* On the **Sign In** page, choose **Sign in with Passkey** instead of entering your email and password.
* On the **Auto-lock screen**, choose **Unlock with passkey** instead of typing your password.

Because a passkey is tied to your device's biometrics and never leaves your device, it cannot be phished, guessed, or reused like a password — making it the strongest available login method. Passkeys also satisfy 2FA requirements on their own, so company managers can use a passkey instead of entering a separate email or authenticator code.

You can register a passkey from your **Security Settings** page on any device that supports biometric authentication (most modern phones, tablets, and laptops).


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.flylogs.com/fcom/first-steps/account-security.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.