Accounts & security

Email verification, sessions, 2FA, and how Twenty protects purchases.

Sign-in options

  • Email and password with hashed credentials.
  • Optional Google or GitHub OAuth.
  • Short-lived access tokens in httpOnly cookies plus refresh sessions for revocation.

Good habits

  1. Verify your email when prompted.
  2. Enable 2FA if available on your account.
  3. Use the same email for account and checkout.
  4. Sign out shared devices from session settings when available.
Never share download links or account credentials. Purchases are bound to your Twenty account.