Security Settings: Password, Sign-In Method, and Account Protection

Accessing Security Settings

Go to my.aplauso.io > Settings > Security.

Your Active Sign-In Method

The security settings page shows which method you used to create your account:

• Phone - you sign in with SMS OTP
• Email - you sign in with email OTP
• Google - you sign in with your Google account
• Facebook or Twitter - OAuth providers

This is important because password management works differently depending on your sign-in method.

Changing Your Password

Password changes only apply if your account uses email and password authentication (not OTP or OAuth).

1. Go to Settings > Security.
2. Click Change Password.
3. Enter your current password to confirm your identity.
4. Enter your new password (minimum 8 characters).
5. Re-enter the new password to confirm.
6. Click Save Password.

Your session remains active after the change. Other sessions (e.g., on another device) are not automatically invalidated.

Password requirements:

• Minimum 8 characters
• No maximum length restriction (up to 128 characters supported)

OAuth Accounts (Google, Facebook, Twitter)

If you signed in with Google or another OAuth provider, your password is managed entirely by that provider. Aplauso does not store a password for your account. To update your credentials:

• Google: Visit myaccount.google.com
• Facebook: Visit facebook.com/settings
• Twitter/X: Visit twitter.com/settings

The Security section in Aplauso shows "Signed in with Google" (or the applicable provider) and links to your provider's security page.

2FA (Two-Factor Authentication)

If you sign in via phone OTP or email OTP, a verification code is required every time you sign in - this is functionally equivalent to 2FA already, since both your knowledge (account identifier) and access to your device or inbox are required.

If you use Google sign-in, 2FA is managed in your Google account settings.

Keeping Your Account Secure

• Do not share OTP codes with anyone. Aplauso staff will never ask for your code.
• If you believe your account has been accessed without authorization, sign out of all sessions and contact Aplauso support immediately.
• Use a unique email address for your Aplauso account and a strong password if using email/password auth.
• On shared devices (hotel staff iPads, etc.), always sign out after use.