š” HCB signs you in with a one-time email code, no password. You can add extra protection: turn on two-factor authentication, register a passkey or security key, and review the devices signed in to your account.
How you sign in
HCB doesn't use passwords. You log in with a one-time code sent to your email. If you've verified a phone number, you can choose to get the code by text instead.
Turn on two-factor authentication
For extra security, add a second factor in Settings, then Security. You can use:
An authenticator app, scan the QR code with Google Authenticator, Authy, or similar.
A passkey or security key, like Touch ID, Face ID, Windows Hello, or a hardware key.
SMS codes, which need a verified phone number.
Once you've added at least one, turn on Enable two-factor authentication. It's also worth generating backup codes in case you ever lose access to your method.
Manage your devices and sessions
In Settings, then Security, you can see every device signed in to your account, along with its location and last login. Sign out any one of them, or use Sign out everywhere else to log out everywhere but the device you're on. You can also set how long a session stays signed in.
Security alerts
HCB emails you when something security-related happens, like a sign-in from a new device, a change to your two-factor settings, or a backup code being used. If you get one you didn't expect, sign out your sessions and review your security settings.
