Account Security
Your account security is our number one priority. USR provides a complete set of tools to protect your account and control access to it.
Security Settings Overview
In the Security section of your profile, you can manage the following parameters:
| Parameter | Description |
|---|---|
| Password Change | Regularly update your password to enhance security |
| Two-Factor Authentication (2FA) | Additional layer of protection when signing in |
| Active Sessions | View and manage all devices with access to your account |
| Login History | Track all access attempts to your account |
| Connected Applications | Manage applications with access to your data |
Changing Password
Use a strong password: minimum 8 characters, including letters, numbers, and special characters.
Navigate to Security Section
Open your profile settings and select the “Security” tab.
Click “Change Password”
Find the “Password” section and click the “Change Password” button.
Enter Current Password
To confirm your identity, you need to enter your current password.
Enter New Password Twice
Enter your new password and confirm it by re-entering it in the corresponding fields.
Confirm the Change
Click “Save Changes”. All active sessions except the current one will be automatically terminated.
Two-Factor Authentication
What is 2FA
Two-Factor Authentication (2FA) is an additional layer of protection
When 2FA is enabled, signing into your account requires not only your password but also a one-time code from an authenticator app.
Benefits of 2FA:
- Protection from unauthorized access even if password is compromised
- Notifications about login attempts from unfamiliar devices
- Compliance with modern security standards
Supported Applications:
- Google Authenticator
- Authy
- Microsoft Authenticator
- Any other TOTP-compatible apps
2FA uses the TOTP (Time-based One-Time Password) protocol, which is an industry standard for secure authentication.
Session Management
A session is a period of time during which you remain authenticated in the system from a specific device.
Viewing Active Sessions
In the “Active Sessions” section, you can see all devices where your account is signed in:
- Device and Browser — type of device and browser being used
- IP Address — connection location
- Last Activity Time — when the session was last used
- Current Session — marked with a special indicator
Terminating Individual Sessions
- Find the suspicious or unnecessary session in the list
- Click the “Terminate Session” button next to it
- Confirm the action
The device will be immediately disconnected, and signing in again will require entering the password (and 2FA code if enabled).
Terminating All Sessions
If you suspect unauthorized access to your account, immediately terminate all sessions!
- Click “Terminate All Other Sessions” in the active sessions section
- Confirm the action
- All sessions except the current one will be immediately terminated
- Change your password for additional security
When to use:
- You noticed an unfamiliar session
- You lost a device
- You signed in from a public computer and forgot to sign out
- You suspect account compromise
Login History
Login history shows all access attempts to your account for the last 90 days.
What is Displayed in History
Each entry contains:
- Date and time of login attempt
- IP address and approximate location
- Device and browser
- Status: successful login, failed attempt, blocked
How to Recognize Suspicious Activity
Pay attention to the following signs:
- Logins from unfamiliar cities or countries
- Failed login attempts at unusual times
- Multiple failed attempts in a row
- Unfamiliar devices or browsers
What to Do When Suspicious Activity is Detected
- Immediately terminate all active sessions except the current one
- Change password to a new, strong one
- Enable two-factor authentication if not already enabled
- Check account settings for unauthorized changes
- Contact support if assistance is needed
Connected Applications
Manage applications and services that you’ve granted access to your account.
List of Connected Applications
This section displays:
- Application name
- Date access was granted
- Granted permissions (read profile, access to email, etc.)
- Date of last use
Revoking Access
- Find the application in the connected list
- Click “Revoke Access”
- Confirm the action
After revoking access, the application will no longer be able to receive data from your profile. If you use this application again, you’ll need to grant permissions again.
When to revoke access:
- You no longer use the application
- The application requests more data than necessary
- You don’t remember why you granted access
- You suspect the application has been compromised
Frequently Asked Questions
How often should I change my password?
Modern security recommendations suggest changing your password only in the following cases:
- When you suspect compromise
- When a data breach is detected on the service
- If the password is too simple or used on other sites
When using a strong, unique password and enabled 2FA, regular changes are not required.
What should I do if I lost access to my 2FA app?
If you lost the device with your authenticator app:
- Use one of your backup codes to sign in
- After signing in, disable the old 2FA setup
- Set up 2FA again on a new device
- Save the new backup codes
If you don’t have backup codes, contact support for identity verification.
Why do I see an unfamiliar device in active sessions?
Possible reasons:
- Browser update — a new version may appear as a different device
- Different platform — signing in from mobile after using desktop
- VPN or proxy — may change the displayed location
- Unauthorized access — if you’re sure it’s not you
If in doubt, terminate that session and change your password for security.
How do I sign out of all devices at once?
- Navigate to “Security” → “Active Sessions”
- Click “Terminate All Other Sessions”
- Confirm the action
This will terminate all sessions except the one you’re currently using.
My account was hacked — what should I do?
Immediate actions:
- Change password to a new, strong one (if you have account access)
- Terminate all sessions through the “Active Sessions” section
- Enable 2FA for additional protection
- Check connected applications and revoke suspicious ones
- Check profile settings for unauthorized changes
- Contact support for detailed incident analysis
If you cannot sign into your account, immediately contact support to lock the account and restore access.