# Security Settings To ensure the highest level of security for your earnings and personal data, the Affiliate Portal now includes a dedicated **Security Settings** tab. This guide outlines how to manage your password, enable Two-Factor Authentication (2FA), and understand the new security verification protocols for logging in and updating payment information. #### 1. Accessing Security Settings All security-related configurations have been moved from the generic Profile tab to a new, dedicated location. 1. Log in to your **Affiliate Account**. 2. Navigate to the **Settings** section. 3. Click on the **Security** **settings** tab.

Here you will find two main sections: * **Password Management** * **Verification Methods** #### 2. Password Management We have enhanced the password change process to prevent unauthorized account takeovers. To change your password: * Go to **Security settings** tab > click **Change password**

* Enter your current password, new password, confirm password and click **Next**

* A One-Time Password (OTP) will be sent to your registered email address. You must enter this code to finalize the password change. **Note:** If you do not have access to your email, you will not be able to change your password. This ensures that even if someone guesses your password, they cannot lock you out of your account.

#### 3. Two-Factor Authentication (2FA) Two-Factor Authentication adds an extra layer of security. It is a **secondary method** (optional but recommended) used to verify your identity when performing sensitive actions (update payment info/login). #### Setting Up 2FA: 1. In the **Security** **settings** tab, locate the **Verification Methods** section. 2. Select **Enable 2FA**.

3. Scan the QR code using an authenticator app (such as Google Authenticator or Authy) on your smartphone.

4. Enter the 6-digit code generated by the app and click **Next.**

5. **Next**, An OTP will be sent to your registered email address. Enter this code to confirm and finalize 2FA activation.

#### Customizing 2FA Scope: Once enabled, you can choose when 2FA is required: * **Login Account:** Require a 2FA code every time you sign in. * **Update Payment Method:** Require a 2FA code only when changing payout details (highly recommended to prevent payment fraud). * **Both:** For maximum security.

### 4. Using Verification Method #### Updating Payment Information When you attempt to change your payout email or bank details: 1. The system will ask for verification. 2. You will see two options (if 2FA is set up): * **Verify via 2FA App:** Enter the code from your phone. * **Verify via Email OTP:** Enter the code sent to your inbox.

#### Logging In * **Standard Login (If 2FA is NOT Enabled):** Enter Email & Password only. * **If 2FA is Enabled for Login:** You will be prompted to enter the code from your authenticator app or email OTP (if authenticator app is lost)

**Security Limits & Troubleshooting** To prevent "brute force" attacks (hackers trying to guess your codes), the system implements strict limits. * **Attempt Limit:** You have a maximum of **10 attempts** to enter the correct 2FA or Email OTP code per login session. * **Temporary Lockout:** If you exceed 10 failed attempts, your account login/verification ability will be **blocked for 1 hour**.