Security settings
You can configure security and login-related settings.
Password change
Google account users cannot change passwords from this menu.
You can enhance security by entering your current password and new password.
Change procedure
- Enter your current password.
- Enter your new password and password confirmation.
- Click the Change password button to save.
For security, it is recommended to use a complex combination of letters, numbers, and special characters.
MFA (Multi-Factor Authentication)
Alpacon requires additional authentication (MFA) when performing sensitive operations such as workspace access or security settings to enhance security. In this menu, you can register and manage MFA authentication methods used for additional authentication.
Overview
Various types of authentication methods can be registered, and available types may vary by workspace.
- Each type card shows a list of workspaces currently using that authentication method.
- Click the Add button on the right side of the card to register a new authentication method.
- You can drag authentication methods to change their priority order.
- This order determines which method to try first during additional authentication.
- Priority only applies to registered (active) authentication methods.
Among the authentication method types allowed by a specific workspace, the one with the highest priority in the list will be used.
MFA timeout
After completing MFA once, you can perform sensitive operations without additional authentication for the configured duration. The configurable range is set by workspace administrators in authentication policy, and you can adjust your own timeout within this range.
Authentication method registration
- To register a new authentication method, MFA authentication using existing registered methods is required.
- Once additional authentication is completed, you can continue registration work without authentication for a set period of time.
| Type | Description |
|---|---|
| Hardware Security Key | • Authenticate using external security keys or biometric devices that support WebAuthn. • During registration, after completing MFA with existing authentication methods, registration proceeds immediately through the security device. • Only one authentication method can be registered per device. |
| Biometric Authentication | • Authenticate using built-in biometric sensors of devices that support WebAuthn. • After completing MFA with existing authentication methods, registration proceeds immediately through biometric recognition. • Only one biometric authentication method can be registered per device. |
| One-Time Password (OTP) | • Authenticate using one-time passwords with authentication apps like Google Authenticator. • During registration, scan the QR code or text code into the app, then enter the generated verification code to complete registration. |
| Recovery Code | • Provides unique recovery codes for account access recovery. • Provided by default upon registration, and new codes can be issued if existing recovery codes are lost. • Recovery codes can only be viewed once and must be stored in a safe location. |
| • Authenticate through emails containing verification codes. • The email used during registration is registered as the default authentication method, and new emails can also be added. • Registration is completed by entering the verification code received after entering the email. | |
| Phone Message | • Authenticate through text messages containing verification codes. • After entering a phone number and selecting it as an authentication method, registration is completed by entering the code received via message. • Currently only text message method is provided, with voice call method planned for future support. |
Authentication method management
Click on each authentication method to navigate to the detail page.
On the detail page, you can view information about registered authentication methods, delete them, or modify their aliases.