Security Settings
Protect your Grillo Cloud account with strong security settings.
Accessing security settings
- Log into cloud.grillo.io
- Click on your profile icon in the top right
- Select "Security" or navigate to Profile > Security
Password management
Changing your password
If you signed up with email (not Google/Microsoft):
- Navigate to Security settings
- Click "Change password"
- Enter your current password
- Enter your new password
- Confirm your new password
- Click "Update password"
Password requirements
Your password must have:
- At least 8 characters
- One uppercase letter (A-Z)
- One lowercase letter (a-z)
- One number (0-9)
- One special character (!@#$%^&*)
Password tips
- Use a unique password not used on other sites
- Consider using a password manager
- Don't share your password with others
- Change it if you suspect it's been compromised
Forgot your password?
- Go to cloud.grillo.io
- Click "Sign in"
- Click "Forgot password?"
- Enter your email address
- Check your email for the reset link
- Click the link and create a new password
Two-factor authentication (2FA)
Add an extra layer of security to your account.
What is 2FA?
Two-factor authentication requires:
- Your password (something you know)
- A code from your phone (something you have)
Even if someone gets your password, they can't access your account without your phone.
Setting up 2FA
- Navigate to Security settings
- Find the "Two-factor authentication" section
- Click "Enable 2FA"
- Choose your method:
  - Authenticator app (recommended)
  - SMS (if available)
- Follow the setup instructions
Using an authenticator app
Recommended apps:
- Google Authenticator
- Microsoft Authenticator
- Authy
- 1Password
Setup steps:
- Install the app on your phone
- Scan the QR code shown in the Grillo dashboard
- Enter the 6-digit code from the app
- Save your backup codes securely
Backup codes
When you enable 2FA, you'll receive backup codes:
- Save these in a secure location
- Use them if you lose access to your phone
- Each code can only be used once
- Generate new codes if you run out
Disabling 2FA
- Navigate to Security settings
- Find the "Two-factor authentication" section
- Click "Disable 2FA"
- Enter your password to confirm
- Enter a 2FA code or backup code
- 2FA will be removed from your account
Disabling 2FA reduces your account security. Only do this if necessary.
Active sessions
Monitor and manage where you're logged in.
Viewing sessions
- Navigate to Security settings
- Find the "Active sessions" section
- View all current sessions:
  - Device type and browser
  - Approximate location
  - IP address
  - Last active time
Suspicious session?
If you see a session you don't recognize:
- Click "Sign out" next to that session
- Change your password immediately
- Enable 2FA if not already enabled
- Review your account activity
Sign out everywhere
To terminate all sessions:
- Click "Sign out of all devices"
- Confirm the action
- You'll be signed out everywhere
- Sign back in with your password
Login history
Review recent login activity:
- Navigate to Security settings
- Find the "Login history" section
- View recent logins:
  - Date and time
  - Location
  - Device/browser
  - Success or failure
Suspicious activity indicators
Watch for:
- Logins from unfamiliar locations
- Logins from unknown devices
- Multiple failed login attempts
- Logins at unusual times
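The four indicators above can be checked mechanically if you keep your own copy of the login history. The following is an added example, not Grillo code or a Grillo export format: the record layout, the sample entries, the known locations and devices, the usual hours and the failure threshold are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Assumptions for illustration: adjust to what is normal for your own account.
KNOWN_LOCATIONS = {"Lisbon, PT"}
KNOWN_DEVICES = {"Chrome on macOS"}
USUAL_HOURS = range(7, 23)           # 07:00 to 22:59 counts as a usual time
FAIL_LIMIT = 3                       # what "multiple" failed attempts means here
FAIL_WINDOW = timedelta(minutes=15)  # failures are counted inside this window

# Constructed sample records: (time, location, device/browser, success).
LOGIN_HISTORY = [
    ("2024-05-01T09:12:00", "Lisbon, PT", "Chrome on macOS", True),
    ("2024-05-02T03:40:00", "Lisbon, PT", "Chrome on macOS", True),
    ("2024-05-03T10:00:00", "Example City, XX", "Firefox on Linux", False),
    ("2024-05-03T10:02:00", "Example City, XX", "Firefox on Linux", False),
    ("2024-05-03T10:05:00", "Example City, XX", "Firefox on Linux", False),
    ("2024-05-03T10:06:00", "Example City, XX", "Firefox on Linux", True),
]


def review(history):
    """Return [(timestamp, [reasons])] for entries that match any indicator."""
    findings, recent_failures = [], []
    for stamp, location, device, success in sorted(history):
        when = datetime.fromisoformat(stamp)
        reasons = []
        if location not in KNOWN_LOCATIONS:
            reasons.append("unfamiliar location")
        if device not in KNOWN_DEVICES:
            reasons.append("unknown device")
        if when.hour not in USUAL_HOURS:
            reasons.append("unusual time")
        # Drop failures that have aged out of the sliding window.
        recent_failures = [t for t in recent_failures if when - t <= FAIL_WINDOW]
        if not success:
            recent_failures.append(when)
        # A success that lands right after a burst of failures is flagged too.
        if len(recent_failures) >= FAIL_LIMIT:
            reasons.append("multiple failed attempts")
        if reasons:
            findings.append((stamp, reasons))
    return findings


if __name__ == "__main__":
    for stamp, reasons in review(LOGIN_HISTORY):
        print(stamp, "->", ", ".join(reasons))
```

An entry that collects several reasons at once, such as a successful login from an unknown device directly after repeated failures, is the one to act on first.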
Security notifications
Get alerted about security events:
| Event | Notification |
|---|---|
| New login | Email when you log in from a new device |
| Password change | Confirmation email |
| 2FA changes | Confirmation email |
| Failed login attempts | Alert after multiple failures |
To configure:
- Navigate to Security settings
- Adjust notification preferences
- Save changes
Account recovery
Recovery email
Set up a recovery email in case you lose access:
- Navigate to Security settings
- Find the "Recovery options" section
- Add a secondary email address
- Verify the email
Connected accounts
Having multiple sign-in methods provides recovery options:
- If you forget your password, use Google/Microsoft
- If you lose access to Google/Microsoft, use email/password
Best practices
Do
- Use a strong, unique password
- Enable two-factor authentication
- Review active sessions regularly
- Keep recovery options up to date
- Sign out from shared/public computers
Don't
- Share your password with anyone
- Use the same password on multiple sites
- Leave sessions active on untrusted devices
- Ignore security alerts
- Click links in suspicious emails
If your account is compromised
If you suspect unauthorized access:
- Change your password immediately
- Sign out of all sessions
- Enable 2FA if not already enabled
- Review account activity for unauthorized changes
- Check connected services for unauthorized access
- Contact support if you need help