Your profile and security

Update your name, photo, email and password, turn on two-factor authentication with recovery codes, and sign out devices you no longer use.

7 min read Updated

Your profile is your personal sign-in and how you appear to your team — it's separate from your company's details. This article covers everything in one place: keeping your personal profile up to date, locking your account down with two-factor authentication, and managing the devices you're signed in on.

Personal profile vs company profile

It helps to be clear on the difference before you start:

  • Your profile is your account — your name, photo, email, password and personal security settings. It's how you sign in and how your colleagues see you in the team list and the activity log.
  • Your company profile holds the details your customers see — the business name, VAT number, contact details, address and the logo on your reports. Those live separately under company profile, settings and branding.

Changing your personal email or photo has no effect on your reports, rental agreements or customer-facing PDFs. Those follow the company branding, not your personal profile.

Updating your personal profile

You'll find your profile from the account menu (your name or photo). From there you can update your:

  • Name — how you appear to teammates and on the activity log.
  • Profile photo — optional, shown next to your name in the team list.
  • Email address — this is your sign-in, so changing it changes how you log in. Use an address you control and check, because password resets, emailed sign-in codes (if you choose that 2FA method) and account notifications go here.
  • Personal address — kept on your account for your own records.
  • Password — see below.

Changes save when you confirm them. There's no cost to anything here — updating your profile, like most actions in vehReports, is free. (The only two actions that ever use a credit are signing off an inspection report and signing a rental agreement.)

Changing your password

To change your password you'll normally confirm your current password, then set and confirm a new one. Choose something long and unique — a passphrase of a few unrelated words is both stronger and easier to remember than a short, complicated string. Don't reuse a password from another service.

Changing your password is a good moment to also sign out everywhere else so any other devices are forced to log in again with the new password.

What if I'm locked out or forgot my password?

Use the "forgotten password" link on the sign-in page. A reset link is sent to your email address — which is exactly why it's important that the email on your profile is one you can still access. If you've also turned on two-factor authentication, you'll still need your second step (your authenticator app code, an emailed code, or a recovery code) after resetting — so keep your recovery codes safe.

Two-factor authentication

Two-factor authentication (2FA) adds a second check at sign-in, so a stolen or guessed password alone isn't enough to get into your account. Because your account can hold customer records, driver licence data and billing details, 2FA is one of the simplest and strongest protections available — well worth the minute it takes to set up.

Choosing a method

From your profile's security settings, turn on 2FA using either:

  • An authenticator app — such as Google Authenticator, Authy, Microsoft Authenticator or 1Password. The app generates a rotating six-digit code that changes every 30 seconds. You scan a one-time QR code (or type a setup key) to link the app, then enter the current code to confirm. This is the more secure option because the codes are generated on your device and don't travel over email.
  • Emailed codes — a code is sent to your profile email address each time you sign in. This needs no extra app, but it's only as secure as your email inbox, so make sure that account itself is well protected.

Pick whichever you'll actually use consistently. An authenticator app is the recommendation for most people; emailed codes are a fine fallback if installing an app isn't practical.

Recovery codes

When you turn on 2FA you're given a set of recovery codes. These are your safety net if you lose your phone, can't open your authenticator app or can't get to your email.

  • Save them somewhere safe and separate from your phone — a password manager, or printed and kept securely. Don't store them only on the same device that runs the authenticator.
  • Each recovery code works once. After you use one to sign in, it's spent.
  • If you run low on unused codes, or think they may have been seen by someone else, regenerate a fresh set from your security settings. Regenerating invalidates the old set, so update wherever you've stored them.

Signing in with 2FA on

After 2FA is on, signing in is: enter your email and password as usual, then enter the current code from your authenticator app (or the code emailed to you). You're then in. If you ever can't produce a code, use one of your recovery codes instead.

What if I lose my phone or my authenticator?

Use one of your recovery codes to sign in, then go straight to your security settings and either set up your authenticator app again on a new device or switch to emailed codes. If you've lost both your authenticator and your recovery codes, you'll need help getting back in — raise a support ticket and the team can verify you and reset your second step.

Encourage your team to turn it on

If you're an Owner or Manager, encourage everyone on the team to enable 2FA on their own profile. There's no single switch to force it on for everyone, but it's good practice for every account that can run licence checks, view customer data or sign off reports. See roles explained for who can do what.

Managing active sessions

What are active sessions?

Your active sessions are the devices and browsers currently signed in to your account — for example, your office desktop, your phone in the yard, and a laptop you used last week. Reviewing the list is a quick way to spot anything you don't recognise, such as a device you've since got rid of or a browser you don't remember using.

Signing out other devices

From your profile's security settings you can choose sign out everywhere else — this ends every session except the one you're currently using. It's the right move if you've:

  • signed in on a shared, borrowed or public computer and forgot to log out,
  • lost a phone or laptop, or sold or replaced a device,
  • just changed your password and want every other device to re-authenticate, or
  • any reason to think someone else may have your details.

The device you're on stays signed in, so you won't lock yourself out. Other devices will simply be asked to sign in again next time.

Do I need to do this regularly?

No — there's no need to do it as routine housekeeping. It's a "when something changes" action: do it after a password change, a lost or replaced device, or if you ever suspect your details have been compromised. For everyday protection, two-factor authentication does the heavier lifting by stopping a stolen password being useful in the first place.

A quick security checklist

A sensible setup for any account holding customer and licence data:

  1. Use a strong, unique password you don't use anywhere else.
  2. Turn on two-factor authentication — an authenticator app where you can.
  3. Save your recovery codes somewhere safe and separate from your phone.
  4. Sign out everywhere else after a password change or a lost device.
  5. Keep the email on your profile current, since resets and codes go there.

Related articles

Thanks for your feedback.

Related articles

Company profile, settings and branding Switching between companies

Still need a hand?

Can't find what you're looking for? Our team is happy to help.

Contact us