Two-Factor & Device Protections
Where possible prefer authenticator apps or hardware-backed keys over SMS codes. Register trusted devices and keep backups for your chosen 2FA method to avoid lockouts.
Token & API hygiene
If you use APIs or third-party integrations, grant minimal permissions and rotate keys regularly. Revoke any tokens associated with retired services.
Biometrics & local security
Use device-level protections — OS passcodes and biometrics — in addition to your account password to reduce risk if your device is lost or stolen.