Security Settings
Security panel with password row, two factor status, and a ruled active sessions list with per device revoke.
Security panel with password row, two factor status, and a ruled active sessions list with per device revoke.
The Application Collection unlocks the source for every Application block. All Access unlocks every Collection.
Already purchased? Log in
Security Settings is the account safety panel in two parts. The top ruled list has a password row, last changed Mar 2026 with a Change password button, and a two factor row where an Enabled badge confirms the authenticator app added Jan 2026 and a Manage button opens the 2FA flow. Below a section break, the active sessions list shows three devices: a MacBook Pro on Safari 17 active now labeled This device, an iPhone 15 on the Acme iOS app 2 hours ago, and a Windows 11 machine on Chrome 126 last seen Jun 8 from Manchester. Each non-current session has a Revoke button; the current device has none, and the footer prose explains why: the session you are using now cannot be revoked from here.
Sessions are one typed array, icon, device, client, location, lastSeen, and current, so the rendering loop stays clean and adding a fourth device is one object. The design choice to omit the Revoke button entirely rather than disable it prevents the this button is broken ticket without hiding information.
Reach for this block on the security settings route. Wire Change password to your password update flow, Manage to your 2FA setup modal, and Revoke to your session DELETE endpoint. Revocation should take effect server side immediately; the one-minute prose on the footer covers propagation delay.
A natural flow around it on an Application Pro page:
Before
After
One strong use is the personal account security panel. Other security surfaces:
Tip: omitting Revoke on the current session rather than disabling it is the right call; a disabled button invites a bug report, an absent one does not.