Authentication & Security FAQ
How do I log in?
POST to the login endpoint with email and password:
Returns JWT token valid for 24 hours.
How do users reset their passwords?
- Click "Forgot Password" on login
- Enter email address
- Receive reset link (valid 1 hour)
- Set new password
How do I enable two-factor authentication?
- Go to Settings > Security
- Click "Enable 2FA"
- Scan QR code with authenticator app
- Enter verification code
- Save backup codes securely
What happens if I lose my 2FA device?
Use one of your backup codes to log in, then:
- Disable 2FA
- Re-enable with new device
Contact support if you've lost backup codes.