Account security today
Two-factor authentication (2FA) is not currently available on the Advizr platform. Login is email and password, handled by Supabase authentication. This page explains what protects your account today and what you can do to keep it secure.
What protects your account today
The platform secures your account through several layers:
- HTTPS encryption - all traffic between your browser and the platform is encrypted in transit
- Encrypted storage - passwords are hashed and never stored in plain text
- Dual-database architecture - your login credentials live in a master authentication database, separate from your organization’s business data, which stays in its own isolated database
- Role-based access - each team member sees only what their role allows (see Roles and permissions)
- Session expiry - session tokens last 24 hours and renew only while you are actively using the platform
For the full login flow, including password resets, see Login and security.
How to keep your account secure
Until 2FA is available, your password is the single key to your account. Treat it accordingly:
- Use a long, unique password that you do not reuse on any other service
- Store it in a password manager rather than a browser note or document
- Never share credentials between team members - each person gets their own login, and shared accounts defeat role-based access
- If you use a shared or public computer, log out when you finish
- If you suspect your password has been exposed, reset it immediately from the login page using the “Forgot password” link
Requesting two-factor authentication
If 2FA matters for your organization’s security or compliance requirements, raise it with your Advizr team through Chat or on your next call. Knowing which clients need it helps prioritize the work.
Next steps
lockLogin and securityHow to log in, reset your password, and understand session management.
Last updated on