Summary
Users currently have no in-app way to manage authentication settings such as password changes, two-factor authentication (2FA), or passkeys. These options are not surfaced in the account settings UI at /account.
Current Behavior
- No password change option in account settings
- No 2FA enrollment or management
- No passkey registration
- Users must rely on the "Forgot password" flow on the login screen for password resets
Expected Behavior
Account settings should provide a dedicated Security section where users can:
- Change their password (for password-based accounts)
- Enroll in and manage two-factor authentication (TOTP, SMS, or hardware key)
- Register and manage passkeys (WebAuthn / FIDO2)
- View and revoke active sessions
Notes
- AuthKit (WorkOS) supports passkeys and 2FA — this may primarily be a UI/surface issue rather than a backend capability gap
- SSO users (Google, GitHub, etc.) would reasonably see a reduced set of options scoped to what's manageable on the AAO side
- Priority: low / nice-to-have
References
Summary
Users currently have no in-app way to manage authentication settings such as password changes, two-factor authentication (2FA), or passkeys. These options are not surfaced in the account settings UI at
/account.Current Behavior
Expected Behavior
Account settings should provide a dedicated Security section where users can:
Notes
References