Account security
Secure your Astell account with passkeys and two-factor authentication, and manage sessions and connected apps.
Astell separates two layers of security: your account (how you sign in, covered here) and your workspace data (what each member can see, which is enforced by permission-aware search; see security practices).
Sign-in methods
You can sign in with a password, a magic link sent to your email, a connected OAuth provider (such as Google), or a passkey. Manage all of them under Account settings → Security.
Passkeys
Passkeys sign you in with your device's biometrics or screen lock instead of a password. They resist phishing and never leave your device.
Go to Account settings → Security → Passkeys and choose Add passkey.
Follow your browser's prompt (Touch ID, Face ID, Windows Hello, or a hardware key).
Name the passkey so you can recognize it later, and remove any passkey you no longer use from the same list.
Two-factor authentication
Two-factor authentication (2FA) adds a one-time code on top of your password.
Go to Account settings → Security → Two-factor authentication and choose Enable.
Scan the QR code with your authenticator app and confirm with a code from the app.
Store the recovery codes somewhere safe. They are the only way back in if you lose your device.
Active sessions
Account settings → Security → Active sessions lists every device currently signed in to your account, with its browser and last activity. Revoke any session you do not recognize; that device is signed out immediately.
Connected accounts and authorized apps
- Connected accounts are OAuth providers you use to sign in or connect data (for example, Google). Each entry shows which workspaces use it. See Integrations and syncing for how connections feed data into workspaces.
- Authorized applications are third-party clients you have granted access to your Astell data, for example an MCP client that searches your workspace. When an app requests access, Astell shows a consent screen listing exactly what it asked for (such as verifying your identity, reading your profile or email address, staying connected without re-authorizing, or searching a workspace's data through the Astell MCP server). You can allow or deny each request. See MCP integrations.
If you lose access
Password reset and locked-account recovery are covered step by step in the Help Center: password reset and email access and issues.
Compliance
Astell's compliance posture (SOC 2, HIPAA, GDPR, CCPA, DPA, SLA) is documented in the compliance and security section of the Help Center.