Security and Two-Factor Authentication
How to secure your TrussNote account with two-factor authentication and review your active sessions.
TrussNote takes security seriously. This article covers how to enable two-factor authentication (2FA), review active sessions, and protect your account.
Two-factor authentication
Two-factor authentication adds a second layer of security to your account. Even if someone obtains your password, they cannot sign in without access to your authenticator app.
Enabling 2FA
- Go to Settings > Security
- Click Enable two-factor authentication
- Open your authenticator app (Google Authenticator, Authy, 1Password, etc.)
- Scan the QR code shown on screen
- Enter the 6-digit code from your authenticator app to confirm
- Save your backup codes in a secure location
2FA is now active. Every sign-in will require your password plus the current code from your authenticator app.
Backup codes
During 2FA setup, you are given 10 single-use backup codes. Store these securely (in a password manager or printed in a safe location). If you lose access to your authenticator app, you can use a backup code to sign in and reset your 2FA.
Each backup code can only be used once. After using one, generate a new set from Settings > Security.
Disabling 2FA
If you need to disable 2FA (for example, to switch authenticator apps):
- Go to Settings > Security
- Click Disable two-factor authentication
- Confirm with your current authenticator code
Re-enable it immediately after making the switch.
If you are locked out
If you cannot access your authenticator app and have no backup codes, contact support@trussnote.com from your registered email address. We will verify your identity through an alternative process and restore access.
Active sessions
You can review all devices currently signed into your TrussNote account:
- Go to Settings > Security
- View the Active sessions list
Each session shows:
- Device and browser type
- IP address (approximate location)
- Last active time
To sign out a session you do not recognize, click Revoke next to it. To sign out all other sessions at once, click Revoke all other sessions.
Password security
- Use a unique password for TrussNote that you do not use anywhere else
- Use a password manager to generate and store a strong password
- Minimum password length is 8 characters
- We recommend 16 characters or more
If you suspect your password has been compromised, change it immediately from Settings > Profile > Change password and review your active sessions.
Single sign-on (SSO)
SSO is available on Enterprise plans and allows your team to sign in using your organization's identity provider (Okta, Azure AD, Google Workspace, etc.). Contact support@trussnote.com to configure SSO for your organization.
Security policy
TrussNote maintains a published security policy covering data handling, encryption, access controls, and incident response. View it at trussnote.com/security-policy.
For security vulnerability disclosures, see our security.txt at /.well-known/security.txt.
Was this article helpful?