Galaxy

Security Menu

Keep your Galaxy account locked down tight. Two-factor authentication, password management, and all the tools you need to protect your account.

The Security section only appears for personal accounts. In an organization, you'll see the Members menu instead.

Two-Factor Authentication

Two-factor authentication (2FA) adds a crucial second layer of protection. Even if someone gets your password, they can't access your account without the second verification. It's the single most important thing you can do to protect your account.

Don't skip 2FA. Set it up as soon as you create your account.

2FA isn't optional if you care about security. We strongly recommend setting it up immediately.


Choose Your 2FA Method

App 2FA: The Gold Standard

Use an app like Google Authenticator, Authy, or Microsoft Authenticator.

How it works:

  1. Click "Enable App 2FA"
  2. Galaxy shows you a QR code
  3. Open your authenticator app and scan it
  4. Your app generates a new 6-digit code every 30 seconds
  5. When logging in, enter your password, then the current code

Only you can generate valid codes unless someone has physical access to your phone.

Why this is the best option:

  • Codes are generated on your phone with no network dependency
  • Even if Galaxy's servers are compromised, your codes stay secure
  • Time-based codes make brute force attacks impossible
  • You maintain complete control

Recovery codes:

When you enable App 2FA, Galaxy gives you recovery codes. These backup codes work if you lose access to your authenticator app (like getting a new phone). Store them somewhere safe and separate from your phone, like a password manager.

Save recovery codes in a password manager. Keep them separate from your phone so you can access them even if your phone is lost.

Toggle App 2FA on and off anytime. Switching phones? Disable it on the old device and set it up fresh on the new one.

Email 2FA: Alternative Option

Email 2FA is available if you can't use an authenticator app, but it's less secure.

How it works:

  1. Click "Enable Email 2FA"
  2. When logging in, Galaxy sends a code to your email
  3. Check your email, copy the code, enter it

Why it's less secure:

  • Your email itself could be compromised
  • Email delivery isn't instant
  • An attacker controlling your email can intercept codes

But still better than no 2FA:

  • Much better than just a password
  • Simple and straightforward
  • Works as a backup if something happens to your authenticator app

You can enable both App 2FA and Email 2FA at the same time for redundancy. If one method breaks, you have a backup.

Consider enabling both methods for maximum security. If one breaks, you have a backup.


Updating Your Password

Your password is your first line of defense. Keep it strong and change it regularly.

On the right side of the Security page, you'll see a password update form. Enter your current password (to confirm it's you), your new password, and confirm. Click "Update Password" and it's done immediately.

Making a Strong Password

Your password should:

  • Be at least 12 to 16 characters long
  • Mix uppercase, lowercase, numbers, and symbols
  • Contain no personal information (names, birthdays, addresses)
  • Contain no dictionary words or obvious patterns
  • Be different from the passwords on your other accounts
  • Never be reused

Bad: password123

Good: Gx$7mK@nP2qL9wR#vY

Use a password manager like 1Password, LastPass, or Bitwarden. They generate strong passwords and remember them. You only need one master password.

When to Change Your Password

  • Regularly (every few months)
  • Immediately if you suspect someone has access
  • After major security events (adding or removing 2FA)
  • Never reuse old passwords

Use a password manager. Easier and more secure than creating passwords yourself.


If Your Account Is Compromised

Suspect someone has access? Act fast.

  1. Change your password immediately
  2. Check that your 2FA setup is still configured correctly
  3. Review recent login activity if available
  4. Check apps and databases for unauthorized changes
  5. Contact support if something looks wrong

Don't panic. Galaxy's security features limit what an attacker can do. If you have 2FA enabled, they can't access your account even with your password.


Security Best Practices

Use a password manager to generate and store all passwords. Unique and complex, every time.

Enable 2FA on your email address. Your email is how you recover all your other accounts. Protect it.

Never share your Galaxy login with anyone, even team members. Use Organizations for team collaboration instead.

Log out on shared computers. Coffee shop, library, shared office? Always log out when done.

Keep devices updated with the latest security patches. This applies to your phone, computer, and authenticator apps.

Watch account activity. Login attempts from unfamiliar locations or strange times? Change your password immediately.

