# Account & Security

Your Genie account is your identity within the platform. The security settings give you control over how you log in, who has access, and how your account is protected.

***

## Authentication Methods

Genie supports multiple ways to log in:

* **Google** — Log in with your Google account
* **GitHub** — Log in with your GitHub account
* **Apple** — Log in with your Apple ID
* **Passkeys** — Log in with biometrics (Face ID, Touch ID, Windows Hello)

You can link multiple methods to a single account, giving you flexibility and backup options for access.

***

## Two-Factor Authentication

Two-factor authentication adds a second layer of protection to your account.

When enabled, logging in requires both your primary method (OAuth or password) and a time-based code from an authenticator app.

This significantly reduces the risk of unauthorized access, even if your primary credentials are compromised.

When you enable 2FA, you receive backup codes. Store these securely — they allow you to recover access if you lose your authenticator device.

***

## Passkeys

Passkeys represent the most secure and convenient way to log in.

Instead of passwords or codes, passkeys use cryptographic keys stored on your device. Authentication happens through biometrics like Face ID, Touch ID, or a hardware security key.

Passkeys cannot be phished, intercepted, or reused. They provide fast, secure access with a single action.

You can register multiple passkeys across different devices for flexibility.

***

## Session Management

Every time you log in from a device or browser, Genie creates a session.

You can view all active sessions, including the device, location, and last activity time. If you see anything unfamiliar, you can revoke individual sessions or log out from all devices at once.

This is particularly important if you access Genie from shared or public devices.

***

## Security Logs

Genie maintains a log of security-related activity on your account.

This includes login attempts, password changes, 2FA modifications, linked account changes, and session activity.

Reviewing these logs periodically helps you identify any unusual activity and respond quickly if needed.

***

## Deleting Your Account

If you choose to delete your account, all associated data is permanently removed. This includes your servers, files, settings, and subscription.

Before deleting, ensure you have exported any important data and disconnected external integrations.

Account deletion cannot be undone.

***

## Security Best Practices

* Enable two-factor authentication or passkeys
* Review active sessions regularly
* Do not share account credentials
* Use Genie Secrets for sensitive data instead of plain text files
* Log out from shared devices after use
* Monitor security logs for unexpected activity