Profile & Security Settings

Manage your personal account details, password, and enhance security with Two-Factor Authentication (2FA).

Viewing Your Profile

Access your profile page by clicking your name/avatar in the top-right corner of the main navigation and selecting "View Profile".

User profile page showing avatar, name, email, and 2FA status

This page displays:

  • Your profile picture (avatar).
  • Your full name and the date you joined.
  • Your registered email address.
  • A link to reset your password.
  • Your current Two-Factor Authentication (2FA) status (Enabled/Disabled).
  • Options to manage 2FA.
  • A button to navigate to the "Edit Profile" page.

Editing Your Profile

Click the "Edit Profile" button on your profile page or select "Edit Profile" from the profile dropdown menu.

Edit Profile form with fields for email and avatar upload

  • Email Address: You can update your registered email address here. Ensure it's a valid email you have access to.
  • Profile Picture (Avatar): Click "Choose File" or browse to upload a new avatar image (JPG, PNG, GIF, WebP - Max 2MB). Your new picture will replace the old one. Leave blank to keep your current avatar.
  • Click "Save Changes" to update your profile.

Note: Changing your password is done via the "Reset Password" link on the main profile page or the login page.

Managing Two-Factor Authentication (2FA)

2FA adds an extra layer of security to your account. When enabled, you'll need a code from an authenticator app (like Google Authenticator, Authy, Microsoft Authenticator, or a password manager with TOTP support) in addition to your password when logging in.

Enabling 2FA

  1. On your profile page, if 2FA is disabled, click the "Enable 2FA" button.
  2. The page will reload, displaying a QR code and a secret key.

    2FA setup screen showing QR code and secret key

  3. Open your preferred authenticator app on your phone or device.
  4. Choose to add a new account, usually by scanning a QR code. Scan the code displayed on the PracticalCRM page.
  5. Alternatively, you can manually enter the Secret Key shown below the QR code into your app.
  6. Your authenticator app will now show a 6-digit code that changes every 30 seconds.
  7. Crucially: Before proceeding, securely save the Recovery Codes displayed below the QR code section. These are one-time use codes that allow you to log in if you lose access to your authenticator app. Store them safely (e.g., in a password manager, printed out). They will not be shown again after verification.

    List of recovery codes displayed during 2FA setup

  8. Enter the current 6-digit code from your authenticator app into the "Enter Authenticator Code" field on the PracticalCRM page.

    Input field for entering the 6-digit 2FA verification code

  9. Click "Verify & Enable".

If the code is correct, 2FA will be enabled for your account. You will also be shown the recovery codes one last time – ensure you have saved them!

If you navigate away or the code is incorrect, click "Cancel Setup" and start the process again.

Using Recovery Codes

If you cannot access your authenticator app, you can use one of your saved recovery codes instead of the 6-digit code during login or verification. Each recovery code can only be used once. If you use one, make sure to mark it off your saved list.

Disabling 2FA

If 2FA is currently enabled:

  1. Go to your profile page.
  2. Click the "Disable 2FA" button.
  3. Confirm the action when prompted.

Profile page showing 2FA enabled status and the Disable 2FA button

2FA will be turned off, and you will no longer need an authenticator code to log in. Your previously saved recovery codes will become invalid.