Account Security

Byline provides multiple layers of security to protect your account. This guide covers password management, two-factor authentication (MFA), and monitoring your account activity.

Changing Your Password

1
Go to Profile > Security tab.
2
Under Change Password, enter your current password.
3
Enter and confirm your new password (minimum 8 characters).
4
Click Update Password.
!
Team password policies If your organization has a password policy, your new password must also meet their requirements (e.g., minimum length, uppercase letters, numbers, special characters).

Forgot Your Password?

If you can't log in:

  1. Go to the Forgot Password page.
  2. Enter your email address.
  3. Check your inbox for a reset link (valid for 1 hour).
  4. Click the link and choose a new password.

Two-Factor Authentication (MFA)

Two-factor authentication adds an extra layer of security by requiring a second verification step when you log in. Byline supports two MFA methods:

Authenticator App (TOTP)

Use apps like Google Authenticator, Authy, or 1Password to generate time-based codes.

Email Verification

Receive a 6-digit code via email each time you log in.

Setting Up an Authenticator App

1
Go to Profile > Security tab.
2
In the Two-Factor Authentication section, click Enable next to Authenticator App.
3
Scan the QR code with your authenticator app (or enter the secret key manually).
4
Enter the 6-digit code from your authenticator app to confirm setup.
5
Save your backup codes — you'll be shown 10 one-time backup codes. Store them in a safe place (password manager, printed copy). These are your fallback if you lose access to your authenticator app.

Setting Up Email Verification

1
Go to Profile > Security tab.
2
Click Enable next to Email Verification.
3
A verification code will be sent to your registered email. Enter the code to confirm.

Logging In with MFA

Once MFA is enabled, the login flow adds a second step:

  1. Enter your email and password as usual.
  2. You'll be prompted for a verification code. If you have both methods enabled, TOTP (authenticator app) is the default — but you can switch to email or use a backup code.
  3. Enter the code and click Verify.

Remember This Device

During MFA verification, you can check "Remember this device for 30 days". This skips the MFA step on that specific browser/device for the next 30 days.

Backup Codes

Backup codes are one-time-use codes generated when you set up an authenticator app. Each code can only be used once. If you run low:

  1. Go to Profile > Security.
  2. Click Regenerate Backup Codes.
  3. Enter your password to confirm.
  4. Save the new set of codes (the old ones are invalidated).

Disabling MFA

To disable an MFA method, go to Profile > Security, click Disable next to the method, and enter your password to confirm.

Account Activity

Monitor when and where your account has been accessed. On the Profile > Security tab, you can see:

  • Last Login — When you last signed in.
  • Last Active — When you last used the app.
  • Password Last Changed — When your password was last updated.
  • Account Created — When your account was created.

Login Notifications

Byline automatically detects logins from new devices or locations. If a login comes from an IP address or browser you haven't used before, you'll receive an email notification with details about the login. No action is needed unless you don't recognize the activity.

Account Lockout

If too many incorrect password attempts are made, your account will be temporarily locked for security. The lockout duration depends on your team's security policy (if applicable). Wait for the lockout to expire, or contact your team admin to have your account unlocked.

Previous Click Tracking Next Plans & Billing