> ## Documentation Index
> Fetch the complete documentation index at: https://vidow.io/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Security — Two-Factor Authentication & Session Management

> Change your password, enable two-factor authentication, and control which browser sessions have access to your Video Downloader Plus account.

Security settings are at [vidow.io/settings/security](https://vidow.io/settings/security). From here you can update your password, turn on two-factor authentication, and review active sessions.

## Password

### Update your password

1. Open your security settings
2. Enter your current password
3. Type your new password and confirm it
4. Click **Save**

Pick a password that is unique to Video Downloader Plus. Reusing passwords across services is the most common way accounts get compromised.

## Two-factor authentication

Two-factor authentication (2FA) adds a second check after your password — a time-based code from an authenticator app. Even if your password is exposed, an attacker cannot get in without physical access to your device.

### Set up 2FA

<Steps>
  <Step title="Open security settings">
    Go to [vidow.io/settings/security](https://vidow.io/settings/security).
  </Step>

  <Step title="Enable two-factor authentication">
    Click the **Enable two-factor authentication** button.
  </Step>

  <Step title="Scan the QR code">
    Open an authenticator app on your phone — Google Authenticator, Authy, and 1Password all work — and scan the QR code displayed on screen.
  </Step>

  <Step title="Enter the 6-digit code">
    Type the code your authenticator app generates to confirm the setup completed successfully.
  </Step>

  <Step title="Save your recovery codes">
    Copy or download the recovery codes shown on the final screen and store them somewhere safe.
  </Step>
</Steps>

<Warning>
  Recovery codes are your only fallback if you lose access to your authenticator device. Store them somewhere you can reach without your phone — a password manager, printed copy in a secure location, or an encrypted note. If you lose both your authenticator and your recovery codes, you will need to contact support to recover your account.
</Warning>

### Signing in with 2FA enabled

Once 2FA is active, the login sequence changes:

1. Enter your email and password as usual
2. When prompted, enter the 6-digit code from your authenticator app
3. If your authenticator is unavailable, enter one of your saved recovery codes instead

Recovery codes are single-use. Each one becomes invalid after it is used.

## Browser sessions

The security page lists every browser session currently signed in to your account. For each session you can see:

* Whether it is your **current session**
* The browser and operating system being used
* The IP address of the session
* The time of last activity

### Log out other sessions

Click **Log Out Other Browser Sessions** to end all sessions except the one you are currently using. You will need to enter your password to confirm the action.

<Tip>
  If you notice a session you do not recognize, log out all other sessions immediately and change your password. This cuts off any unauthorized access that may already be active.
</Tip>
