Security Settings

Protect your BlaBlaNote account with robust security features. Manage your password, enable two-factor authentication, and control active sessions.

Accessing Security Settings

1. Go to Settings
2. Select Security
3. Manage your security options

Password Management

Changing Your Password

If you signed up with email and password:

1. Go to Settings > Security
2. Click Change Password
3. Enter your current password
4. Enter your new password
5. Confirm the new password
6. Click Update Password

Password Requirements

Strong passwords should:

• Be at least 8 characters long
• Include uppercase and lowercase letters
• Include numbers
• Include special characters (!@#$%^&*)
• Not be a common password
• Not be reused from other sites

Password Best Practices

Create Strong Passwords

• Use a passphrase (e.g., "Purple-Elephant-Dances-42!")
• Use a password manager
• Never share your password
• Don't use personal information

Forgot Password

If you forget your password:

1. Go to the login page
2. Click Forgot Password
3. Enter your email address
4. Check your email for reset link
5. Click the link and set new password
6. Link expires in 60 minutes

Two-Factor Authentication (2FA)

What Is 2FA?

Two-factor authentication adds an extra layer of security by requiring:

1. Something you know (password)
2. Something you have (phone/authenticator)

Even if your password is compromised, attackers can't access your account without the second factor.

Enabling 2FA

1. Go to Settings > Security
2. Find Two-Factor Authentication
3. Click Enable 2FA
4. Download an authenticator app if needed
5. Scan the QR code with your app
6. Enter the verification code
7. Save your backup codes
8. 2FA is now active

Recommended Authenticator Apps

• Google Authenticator (iOS, Android)
• Authy (iOS, Android, Desktop)
• Microsoft Authenticator (iOS, Android)
• 1Password (with authenticator feature)

Backup Codes

When you enable 2FA, you receive backup codes:

• 10 single-use codes
• Use if you lose access to your authenticator
• Each code can only be used once
• Store securely (password manager, safe location)
• Generate new codes if you run out

To view/regenerate backup codes:

1. Go to Settings > Security
2. Find Two-Factor Authentication
3. Click View Backup Codes or Regenerate Codes
4. Verify with your password or current 2FA code

Using 2FA to Log In

After enabling 2FA:

1. Enter your email and password
2. You'll be prompted for 2FA code
3. Open your authenticator app
4. Enter the 6-digit code
5. Code refreshes every 30 seconds

Disabling 2FA

WARNING

Only disable 2FA if absolutely necessary. Your account will be less secure.

1. Go to Settings > Security
2. Find Two-Factor Authentication
3. Click Disable 2FA
4. Enter your password
5. Enter current 2FA code
6. Confirm disabling

Lost Authenticator Access

If you can't access your authenticator:

1. Use one of your backup codes
2. If no backup codes, contact support
3. Verification process required
4. May need to verify identity

Connected Accounts

Viewing Connected Accounts

See which social accounts are linked:

1. Go to Settings > Security
2. Find Connected Accounts
3. View Google, LinkedIn, or other connections

Benefits of Connected Accounts

• Alternative login - Sign in without password
• Account recovery - Backup access method
• Integration features - Calendar, contacts sync

Connecting an Account

1. Go to Settings > Security
2. Find the provider (Google, LinkedIn)
3. Click Connect
4. Sign in with that provider
5. Grant permissions
6. Account linked

Disconnecting an Account

1. Go to Settings > Security
2. Find the connected account
3. Click Disconnect
4. Confirm removal

Before Disconnecting

If you don't have a password set and only use social login, set a password first. Otherwise, you may be locked out of your account.

Session Management

What Are Sessions?

A session is created each time you log in. Sessions track:

• When you logged in
• Which device/browser
• Your location (approximate)
• Activity status

Viewing Active Sessions

1. Go to Settings > Security
2. Find Active Sessions
3. See all your logged-in devices

Each session shows:

• Device type (Desktop, Mobile, Tablet)
• Browser name
• Operating system
• Last active time
• Location (city/country)
• Current session indicator

Ending a Session

To log out of a specific device:

1. Find the session in the list
2. Click End Session or the X icon
3. That device is immediately logged out

End All Other Sessions

To log out everywhere except your current session:

1. Go to Settings > Security
2. Click End All Other Sessions
3. Confirm the action
4. All other devices logged out

Use this if:

• You suspect unauthorized access
• You're using a shared computer
• You want to start fresh

API Tokens

What Are API Tokens?

Personal API tokens allow:

• Programmatic access to your account
• Integration with other tools
• Automated workflows
• Developer access

Creating a Token

1. Go to Settings > Security
2. Find API Tokens
3. Click Create Token
4. Name your token (e.g., "Automation Script")
5. Select permissions
6. Click Create
7. Copy and save the token immediately

Token Security

The token is shown only once. Copy it immediately and store it securely. Never share your API token publicly.

Token Permissions

Set granular permissions:

• Read interactions - View recordings and transcriptions
• Write interactions - Create new interactions
• Read contacts - View contact information
• Write contacts - Create/edit contacts
• Read tasks - View tasks
• Write tasks - Create/edit tasks

Managing Tokens

View tokens:

• See all your active tokens
• View creation date and last used

Revoke a token:

1. Find the token in the list
2. Click Revoke
3. Token immediately stops working

Token Best Practices

• Create separate tokens for each use case
• Grant minimum necessary permissions
• Rotate tokens periodically
• Revoke unused tokens
• Never commit tokens to version control

Account Deletion

Deleting Your Account

Permanently delete your account and all data:

1. Go to Settings > Security
2. Scroll to Danger Zone
3. Click Delete Account
4. Enter your password
5. Type "DELETE" to confirm
6. Click Permanently Delete Account

What Gets Deleted

• All interactions and transcriptions
• All contacts
• All tasks
• All tags
• Account settings
• Subscription information
• All personal data

What Happens Next

• Immediate logout
• Data deletion begins
• Process completes within 30 days
• Confirmation email sent
• Deletion is irreversible

Before Deleting

1. Export your data - Download anything you want to keep
2. Cancel subscription - Avoid future charges
3. Disconnect integrations - Clean up external connections
4. Inform contacts - If using shared features

Security Best Practices

Account Security Checklist

• [ ] Use a strong, unique password
• [ ] Enable two-factor authentication
• [ ] Save backup codes securely
• [ ] Review active sessions regularly
• [ ] Connect a social account as backup
• [ ] Keep contact email current

Regular Security Reviews

Monthly:

• Check active sessions
• Review connected accounts
• Verify notification settings

Quarterly:

• Change password (optional but recommended)
• Regenerate backup codes if needed
• Review API token usage
• Audit integration permissions

Responding to Security Concerns

If you suspect unauthorized access:

1. Immediately change your password
2. End all other sessions
3. Review recent activity for suspicious actions
4. Enable 2FA if not already enabled
5. Contact support if you see unauthorized changes
6. Review connected accounts for unauthorized additions

Reporting Security Issues

If you discover a security vulnerability:

• Email security@blablanote.app
• Do not publicly disclose
• Include detailed description
• We'll respond within 24 hours