> ## Documentation Index
> Fetch the complete documentation index at: https://help.retainful.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Account security

> Protect your account with two-factor authentication and good session hygiene.

Your Retainful account can email your entire customer base — treat its security accordingly.

## Two-factor authentication (2FA)

With 2FA enabled, signing in requires your password **plus** a 6-digit code from an authenticator app. Even a leaked password isn't enough to get in.

<Steps>
  <Step title="Enable 2FA">
    Go to **Settings → Account → Security** and click **Enable two-factor authentication**.
  </Step>

  <Step title="Scan the QR code">
    Use any authenticator app — Google Authenticator, 1Password, Authy — to scan the code, then enter the 6-digit code to confirm.
  </Step>

  <Step title="Save your recovery codes">
    Store the recovery codes somewhere safe (a password manager). They're your way in if you lose your phone.
  </Step>
</Steps>

<Tip>
  Make 2FA mandatory practice for every [team member](/account/team-and-roles) with access to campaigns or billing — an account is only as secure as its least-protected admin.
</Tip>

## Passwords and sessions

* Change your password from **Settings → Account → Security**. Use a unique password from a password manager.
* Forgot it? Use **Forgot password** on the login page for an email reset link.
* When someone leaves your team, **remove them from the organization** — don't share logins in the first place; individual accounts cost nothing and preserve accountability.

## Account email verification

Your login email must be verified before you can send. If you change it, you'll verify the new address the same way.
