Security

Protecting your account is essential. XC AI Content Automation supports two-factor authentication (2FA) and strong password requirements to help keep your data safe. This guide walks you through setting up and managing these security features.

Two-Factor Authentication

Two-factor authentication adds a second verification step when you log in. Even if someone obtains your password, they cannot access your account without the second factor. XC AI Content Automation offers two methods:

• TOTP (Authenticator App) -- Use an authenticator app such as Google Authenticator, Authy, or any compatible TOTP app. During setup, you scan a QR code that links the app to your account. Each time you log in, the app generates a time-based 6-digit code that you enter to verify your identity.

• Email -- Receive a 6-digit verification code via email each time you log in. This option does not require installing any additional software.

Setting Up 2FA

To enable two-factor authentication on your account:

1. Go to Settings and select the Security tab.
2. Click Enable Two-Factor Authentication.
3. Choose your preferred method: TOTP or Email.
4. Complete the setup for your chosen method:
   • For TOTP: Scan the QR code displayed on screen with your authenticator app. If you are unable to scan the code, you can manually enter the secret key shown below it. Once your app is configured, enter the 6-digit code it generates to confirm the setup.
   • For Email: A verification code is sent to the email address associated with your account. Enter the code to confirm the setup.
5. After confirmation, you will receive a set of backup codes. Save these immediately in a safe place -- you will need them if you ever lose access to your primary 2FA method.

Backup Codes

When you enable two-factor authentication, you receive a set of single-use backup codes. These codes serve as a safety net in case you lose access to your authenticator app or email.

• Each backup code can only be used once. After you use a code, it is no longer valid.
• Store your backup codes securely. Good options include saving them in a password manager or keeping a printed copy in a safe location.
• If you run out of backup codes, you can generate a new set from the Security tab in Settings.

Treat your backup codes with the same care as your password. Anyone with access to a valid backup code can complete the login process.

Logging In with 2FA

Once two-factor authentication is enabled, the login process includes an additional step:

1. Enter your email and password as usual.
2. You will be prompted to enter a verification code.
3. Provide the code from one of the following sources:
   • Your authenticator app, if you use the TOTP method.
   • Your email inbox, if you use the email method.
   • A backup code, if you cannot access your primary method.

After entering a valid code, you will be logged in.

Disabling 2FA

If you no longer wish to use two-factor authentication:

1. Go to Settings and select the Security tab.
2. Click Disable next to the two-factor authentication option.
3. Enter a verification code from your authenticator app, email, or backup codes to confirm the change.

Once confirmed, 2FA is removed from your account and you will only need your email and password to log in.

Note: If your organization enforces two-factor authentication, you will not be able to disable it. See the section below for details.

Organization-Enforced 2FA

Organization administrators can require all team members to have two-factor authentication enabled. When this policy is active:

• Any member who has not yet set up 2FA will be prompted to do so during their next login. They will not be able to proceed until 2FA is configured.
• Members cannot disable two-factor authentication while the enforcement policy is active.
• Only an organization administrator can change the enforcement setting.

If you are unsure whether your organization requires 2FA, check with your administrator or look for the enforcement notice on the Security tab in Settings.

Changing Your Password

To update your password:

1. Go to Settings and select the Security tab.
2. Enter your current password in the designated field.
3. Enter your new password and confirm it by entering it a second time.
4. Click Save to apply the change.

Passwords must be at least 8 characters long. For a stronger password, consider using a mix of uppercase and lowercase letters, numbers, and special characters. Using a password manager to generate and store a unique password is recommended.