SSO, 2FA and sessions
Account security settings live in the profile area.
Connected accounts
PureStats supports Google and GitHub SSO. Users can connect or disconnect providers from their profile when it is safe to do so.
SSO-only accounts should set a password if they want email/password login as a fallback.
Two-factor authentication
2FA adds a time-based one-time password step after login. During setup:
- Scan the QR code with an authenticator app.
- Enter a current code.
- Store recovery codes if provided.
- Confirm that 2FA is marked active.
If setup fails, check device time synchronization and retry with a fresh code.
Active sessions
The profile shows active sessions. Users can end individual sessions or log out all other devices.
Sensitive changes
After password changes or 2FA reset, PureStats can revoke other sessions. This limits risk when account credentials change.