# Doc: https://www.hipaatizer.com/docs/account/security

> LLM view for https://www.hipaatizer.com/docs/account/security

This file contains all documentation content in a single document following the llmstxt.org standard.

## Security

## Overview

The **Security** section in your profile settings lets you control authentication and session behavior for your HIPAAtizer account.

We strongly recommend enabling the options below to reduce the risk of unauthorized access.

---

## Multi-Factor Authentication (MFA)

Multi-Factor Authentication adds an extra layer of security by requiring a one-time code from an authenticator app each time you sign in.

### Supported authenticator apps

You can use any standard TOTP-compatible authenticator, including:

- Google Authenticator
- Duo Mobile
- Authy

These apps can be installed on a mobile device or desktop.

### How MFA works

When MFA is enabled:
- You enter your email and password as usual
- You are then prompted to enter a **time-based code** generated by your authenticator app
- Login is completed only after the code is verified

### Enable MFA

1. Open your HIPAAtizer dashboard.
2. Navigate to:
   **[My Profile → Profile Settings → Security](https://app.hipaatizer.com/profile/security)**
3. Enable **Assign MFA device**.
4. For **MFA Device**, select **Authenticator App**.
5. A QR code will be displayed.
6. Scan the QR code using your authenticator app.
7. Enter the verification code generated by the app.
8. Click **Confirm Code**.

Once confirmed, MFA will be required for all future logins.

---

## Auto-logout after inactivity

Auto-logout protects your account by ending your session after a period of inactivity.

:::tip Administrator setting
The **Auto-logout after inactivity** setting is available **only to account administrators** and applies to all users in the account.
:::

This is especially useful when:
- Accessing HIPAAtizer from shared or clinical workstations
- Working in environments where sessions may be left unattended

### Enable auto-logout

1. Go to:
   **[My Profile → Profile Settings → Security](https://app.hipaatizer.com/profile/security)**
2. Enable **Auto-logout after inactivity**.
3. Select an inactivity timeout from the list:
   - Minimum: **15 minutes**
   - Maximum: **8 hours**

If no activity is detected during the selected interval, you will be automatically logged out and required to sign in again.

---

## Recommendations

For improved account security, we recommend:

- Enabling **MFA** for all users
- Using a **shorter inactivity timeout** on shared or clinical devices
- Logging out manually when finished, even if auto-logout is enabled