
Your ADO Pilot account — the one you use at [adopilot.dev](https://adopilot.dev), separate from your Azure DevOps organization — has its own sign-in methods, an optional multi-factor authentication (MFA) layer, and a "step-up" re-authentication check that guards a short list of sensitive actions. This page covers all three.

## Signing in

The sign-in screen at [adopilot.dev/login](https://adopilot.dev/login) (and the **Sign In** tab on the landing page) offers up to three doors:

- **Email and password.** The always-available default. New accounts require a password of at least 12 characters that isn't one of a small set of extremely common passwords (`password123`, `qwerty123`, and similar).
- **A one-time sign-in link or code.** Enter your email and choose **email me a sign-in link** or **email me a code** instead of typing a password. Either one is sent to your inbox; the link or code is single-use — available when passwordless sign-in is turned on.
- **Sign in with Microsoft.** A **Sign in with Microsoft** button signs you in (or, for a new account, creates one) using your organization's Microsoft Entra ID. You can also link an existing password-based account to a Microsoft identity — or remove that link — from **Settings → Security**; both linking and unlinking require a step-up re-confirmation (see below).

{% figure src="/images/account-security-sign-in-options.png" alt="The ADO Pilot sign-in screen showing the email/password form alongside one-time sign-in link, one-time code, and Sign in with Microsoft options" caption="The sign-in screen. Sign in with Microsoft is always available; the passwordless options appear when passwordless sign-in is turned on." /%}



Forgot your password? Use **Forgot password** on the sign-in screen — it emails a reset link the same way the one-time sign-in code does, and doesn't reveal whether an account exists for that address.

{% callout type="info" title="Changing your email signs you out" %}
If you change the email address on your account, every active session — including the one you're using — is signed out immediately, and you'll need to sign in again with the new address. This is expected; it's the same protection that applies to a password change.
{% /callout %}

## Multi-factor authentication (MFA)

ADO Pilot supports authenticator-app based MFA (TOTP — the same 6-digit, 30-second codes used by apps like Microsoft Authenticator, Google Authenticator, or 1Password). Enrolling is optional, for both regular team members and org admins. There's one asymmetry worth knowing: once an **org admin** enrolls, MFA can't be turned back off while they hold the admin role. A member can enroll or disable MFA at any time.

Enrolling isn't required to sign in and use ADO Pilot — including on free-trial credits — but it does change how you satisfy the **step-up** re-confirmation that a handful of sensitive actions require (billing actions among them; see [Step-up re-authentication](#step-up-re-authentication) below): with MFA enabled, you confirm with a fresh authenticator code; without it, you confirm with your account password, or — if you sign in without a password (a one-time email link or code, or **Sign in with Microsoft**) — with a one-time code we email to your current address. Enrolling isn't a prerequisite for reaching those actions — it just determines which factor you're asked for when you do.

### Enrolling

1. Go to **Settings → Security** and choose **Set up two-factor authentication**.
2. Scan the QR code with your authenticator app (or enter the displayed secret manually).
3. Enter the 6-digit code your app generates to confirm the pairing.

{% figure src="/images/account-security-mfa-enroll.png" alt="The Settings → Security MFA enrollment card showing a QR code and a 6-digit confirmation code field" caption="Enrolling MFA from Settings → Security. The authenticator entry is labeled 'ADO Pilot' in your app." /%}



### Recovery codes

Confirming enrollment immediately shows **10 single-use recovery codes**. Each is a short pair of letter/number groups (for example `AB3XY-9KMNP`). Store them somewhere safe — a password manager or printed copy — the same way you'd protect a password: anyone with a valid code can use it in place of your authenticator app.

{% figure src="/images/account-security-recovery-codes.png" alt="The one-time recovery codes screen shown immediately after activating MFA, listing 10 backup codes" caption="Recovery codes are shown once, right after you activate MFA." /%}



Each code works once. **Settings → Security** shows how many unused codes you have left and warns you when you're down to your last two — regenerate a fresh set of 10 from there at any time (regenerating invalidates every old code, so update wherever you'd stored them).

If you lose access to both your authenticator app and your recovery codes, contact [support](support-and-contact.md) to regain access to your account.

## Trusted devices

When you sign in with MFA, you can check **Remember this device** to skip the second-factor prompt on that browser for the next 14 days. This affects sign-in only — it never satisfies a step-up re-confirmation (below), so a trusted device still can't rotate a credential or open the billing portal without a fresh code.

Manage remembered devices from **Settings → Security → Trusted devices**: revoke any single device, or **Revoke all devices** to require the second factor everywhere immediately.

{% figure src="/images/account-security-trusted-devices.png" alt="The Trusted Devices settings page listing remembered devices with individual and bulk revoke controls" caption="Trusted devices are remembered for 14 days and can be revoked individually or all at once." /%}



Disabling MFA clears every trusted device on your account. Changing your password or regenerating recovery codes signs out your other sessions, but doesn't revoke a remembered device — if you suspect one is compromised, revoke it explicitly from **Trusted devices**.

## Step-up re-authentication

A handful of sensitive actions ask you to re-prove your identity even though you're already signed in — this is "step-up." It exists because a browser session that's been open for hours (sessions last up to 24 hours) shouldn't, on its own, be enough to rotate a credential, change your account details, or spend money. When a step-up-gated action needs a fresh confirmation, ADO Pilot shows a small dialog asking for a current 6-digit code from your authenticator app (if you have MFA enabled), your account password (if you sign in with a password), or a one-time code we email to your current address (if you sign in without a password — a magic link, an email code, or Sign in with Microsoft).

{% figure src="/images/account-security-step-up-dialog.png" alt="The step-up re-authentication dialog on the Settings → Security page, asking the signed-in admin to re-enter their password before starting two-factor authentication setup" caption="A step-up prompt — here, the password variant, shown because this account hadn't enrolled MFA yet. An account with MFA enabled sees an authenticator-code field instead; a passwordless or Microsoft sign-in account sees an emailed-code field." /%}



Confirming a step-up prompt authorizes any step-up-gated action in the same category (billing or security) for the rest of that short window — it doesn't extend or restart your overall 24-hour session. Actions that can ask for step-up include:

- Starting two-factor authentication setup
- Rotating your Azure DevOps [personal access token](../connecting-ado/rotating-your-pat.md)
- Opening the Stripe billing portal, changing the overage cap, or converting/ending a plan
- Changing your account details
- Linking or unlinking a Microsoft sign-in
- Managing trusted devices

If you dismiss a step-up prompt, the action is simply cancelled — nothing is changed, and you can retry it whenever you're ready.

### Changing your email

Your sign-in email is your account's recovery anchor, so changing it is a step-up-gated action, and the confirmation depends on how you sign in. If you have a password, you confirm with that password. If you sign in without one — a magic link, an email code, or **Sign in with Microsoft** — you don't need to add a password first: ADO Pilot emails a one-time code to your **current** address and you enter it to confirm. Either way, the change only takes effect after you prove control of the **new** address from a link we send there, and changing your canonical email signs out all of your existing sessions.

## Related pages

- [Invoices and payment](../billing/invoices-and-payment.md)
- [Rotating your personal access token](../connecting-ado/rotating-your-pat.md)
- [Roles and permissions](../team/roles-and-permissions.md)
- [Support and contact](support-and-contact.md)
