Protect your access with a strong password and two-factor authentication. Everything is in **Settings → Profile**.

## Change your password

In the **Password** section, enter the old one then the new one. Your password must contain:

- at least **one uppercase**, **one lowercase**, **one digit** and **one special character**,
- between **6 and 128 characters**.

## Enable two-factor authentication (2FA)

If available on your installation, the **Security** section lets you set up **app-based 2FA** (TOTP, like Google Authenticator): scan the QR code with your app, then enter the code to confirm. At each sign-in, you'll be asked for this code in addition to your password.

> **Good to know:** 2FA is the best protection against password theft. Enable it especially for administrator accounts.