What it does
The Security tab is where you change your password and turn two-factor authentication (2FA) on or off. It's the single page for hardening how you sign in.
Who can use it
Every signed-in user can manage their own password and 2FA from this tab.
If you sign in only with Google or another social provider, you may not have a password set on your Nautis account yet — in that case, the Change Password form still appears but won't accept a blank current password.
How to get here
Sign in to Nautis.
Open your profile menu in the top-right and click Account Settings.
Click the Security tab.
Step-by-step: change your password
On the Security tab, find the Change Password card at the top.
Fill in the three fields:
Current Password — your existing password.
New Password — your new password. As you type, a checklist appears showing which rules you've met.
Confirm New Password — type the new password again.
Make sure all four rules under New Password show green check marks:
Be at least 8 characters long
Contain at least one uppercase letter
Contain at least one lowercase letter
Contain at least one number
Use the eye icon on the right of any field to peek at what you've typed if you want to double-check.
Click Update Password.
You'll see "Password updated successfully" and the form clears.
Step-by-step: turn on two-factor authentication
2FA adds a 6-digit code requirement to every sign-in.
Scroll to the Two-Factor Authentication card.
Click Enable and follow the on-screen prompts to scan a QR code and save your backup codes.
For the full walkthrough — including how to install an authenticator app, save your backup codes safely, and sign in once 2FA is on — see Two-factor authentication.
Step-by-step: turn off two-factor authentication
In the Two-Factor Authentication card, click Disable.
A dialog asks for your current 6-digit code from the authenticator app. Enter it in the Verification Code field.
Click Disable.
You'll see "Two-factor authentication disabled successfully." Future sign-ins will only need your password.
Step-by-step: use backup recovery codes
When you first turned on 2FA, you were shown a list of one-time backup codes. Each code lets you sign in once without your authenticator app — useful if you lose your phone.
If you've lost both your phone and your backup codes, contact support to reset 2FA on your account.
Step-by-step: review recent login activity
The Security tab itself doesn't list login activity — that lives on the Sessions tab. For a list of recent sign-ins with browser, operating system, IP address, and timestamp, click the Sessions tab at the top of Account Settings. See Account settings — Sessions.
Tips & limits
Password rules: minimum 8 characters with at least one uppercase letter, one lowercase letter, and one number.
The green/red checklist next to New Password only appears once you start typing — use it as a live guide.
If your new password and confirmation don't match, you'll see "Passwords do not match" under Confirm New Password.
Changing your password does not automatically sign you out of other devices. To force everyone else out, change your password and review the Sessions tab.
Once 2FA is on, you'll also be asked for a code when you do sensitive actions such as deleting your account.
If you sign in with a social account (e.g. Google) and have never set a password, the Change Password form still appears but you won't have a current password to enter.
FAQ
I forgot my current password. Can I change it from here?
No — this form requires your existing password. Sign out, click "Forgot password?" on the login page, and follow the email reset flow.
Where are my backup codes?
They were shown once during 2FA setup. If you didn't save them, you may need to disable and re-enable 2FA, or contact support.
Does changing my password log me out of my phone?
Not directly. Your current browser stays signed in. Other devices that re-authenticate will be prompted to log in again.
Can I have 2FA enforced for everyone in my organization?
Yes — organization owners can enforce 2FA in workspace settings.
Why is the Current Password field still required even though I signed in with Google?
Nautis ties your password to your email account. If you've never set a password, use the "Forgot password?" link from the login page to set one for the first time.