Help Center › Account & Billing › Profile & security

Profile & security

Update your personal information, change your password, and enable two-factor authentication to protect your account.

Profile settings

Your profile controls how your name and photo appear throughout Asan CRM — in team views, email signatures, and Cori's greetings.

  1. Go to Settings → Profile.
  2. Update your name, email, and phone number as needed.
  3. Upload a profile photo. Click the avatar area and select an image. Supported formats: JPG, PNG (max 2 MB).
  4. Click Save.
Changing your email address requires re-verification. A confirmation link is sent to the new address — your email does not change until you click it.

Changing your password

  1. Go to Settings → Password.
  2. Enter your current password to verify your identity.
  3. Enter and confirm your new password. Use at least 8 characters with a mix of letters, numbers, and symbols.
  4. Click Update Password.
Use a password manager to generate and store a strong, unique password. Avoid reusing passwords from other services.

Two-factor authentication (2FA)

Two-factor authentication adds a second layer of security. After entering your password, you must also provide a 6-digit code from an authenticator app.

  1. Go to Settings → Security.
  2. Click Enable Two-Factor Authentication.
  3. Scan the QR code with Google Authenticator, Authy, 1Password, or any TOTP-compatible app.
  4. Enter the 6-digit code from the app to confirm setup.
  5. Save your recovery codes (see below).

Once enabled, every login requires both your password and a fresh 6-digit code from your authenticator app.

Do not skip saving your recovery codes. If you lose access to your authenticator app without recovery codes, you will need to contact support to regain access.

Recovery codes

When you enable 2FA, Asan generates 8 one-time recovery codes. Each code can be used exactly once in place of your authenticator code if you lose access to your device.

Periodically check how many recovery codes you have remaining. If you are running low, regenerate a new set from Settings → Security.

Suspicious login protection

Asan monitors login activity for unusual patterns. When a login attempt comes from a new device or unfamiliar location, additional verification is required:

Using a VPN may trigger location-based verification, since your apparent location changes. This is expected behavior and a sign that the protection is working.

Frequently asked

I lost my authenticator device. How do I log in?+
Use one of your recovery codes in place of the 6-digit authenticator code. If you have no recovery codes remaining, contact support with your account email for identity verification and manual 2FA reset.
Can I disable 2FA after enabling it?+
Yes. Go to Settings → Security and click Disable Two-Factor Authentication. You will need to enter a current authenticator code or recovery code to confirm.
Which authenticator apps are supported?+
Any app that supports the TOTP (Time-based One-Time Password) standard: Google Authenticator, Authy, 1Password, Microsoft Authenticator, Duo Mobile, and others.
How do I update my email address?+
Go to Settings → Profile, enter the new email, and click Save. A verification link is sent to the new address. Your email does not change until you click the link.
Can my admin see my login history?+
Account administrators can see login timestamps and IP addresses for team members in the admin panel. They cannot see passwords or authenticator codes.

Was this article helpful?

Thanks — we'll use this to make the docs better.
Last updated 16 Jun 2026 · Applies to: Asan CRM
CoriAI Help Assistant
Hey! I'm Cori, your Asan CRM assistant. Ask me anything about the product and I'll point you in the right direction.