Account Security Guide
Your Kanorio account allows you to manage website content, domains, team members, and payment settings. The most important principle for protecting your account isn't to remember more passwords, but to ensure that only you can access the email, Google account, and second-factor verification required for login.
Why Kanorio Doesn't Use Traditional Passwords
Kanorio supports logging in with a Google account or an email verification code, eliminating the need to set up a separate Kanorio password. This method is called passwordless login.
Simply put, the system verifies that you are the person logging in by using your existing Google account or a one-time verification code sent to your inbox. This reduces the risk of having 'yet another password to remember, reuse, or have leaked'.
However, this also means you must specifically protect the Google account and email inbox you use for logging in. If someone gains control of your inbox or Google account, they might also attempt to log into Kanorio.
Human Verification During Login
When requesting an email verification code, the system may ask you to complete a human verification (CAPTCHA). This is a small check designed to distinguish between real users and automated programs, reducing the risk of numerous bots repeatedly requesting login emails or guessing accounts.
If the screen prompts you to complete human verification, please follow the on-screen instructions; do not attempt to bypass it using unknown plugins or automated tools.
Add an Extra Layer of Security with Two-Factor Authentication
Two-Factor Authentication (2FA) is the most important account protection measure to enable. Once activated, even if someone obtains your Google login credentials or an email login link, they will still need to enter a short code generated by an authenticator app at that moment to complete the login.
Think of it as having two different locks on an office door: the first confirms your login method, and the second confirms you possess the authenticator app.
We recommend you:
- Enable 2FA in 'Settings → Security'.
- Use an authenticator app that you can securely maintain long-term.
- Store your recovery codes in a password manager or another secure location.
- Never share your QR Code, authenticator short code, or recovery codes with anyone.
Please log in to the backend and enable 2FA from the 'Security' section of Account Settings.
Team Members Should Only Have Necessary Permissions
When multiple people manage a website together, please invite each member to use their own account; do not share login credentials. This allows you to clearly know who can do what and to remove individual members when collaboration ends.
Regularly check the following:
- Who else can edit the website, view data, or manage billing?
- Have former employees, project-ended collaborators, or no-longer-needed partners been removed?
- Is it truly necessary for everyone to have permissions to manage payments, teams, or delete websites?
Please check and manage team members from the backend 'Overview'; when collaboration ends, immediately remove anyone who no longer requires access.
What to Do If You Receive Suspicious Login Messages
If you receive a Kanorio verification code or login link email without actively attempting to log in, someone might be trying to access your account using your email. This doesn't necessarily mean your account has been compromised, but you should immediately be vigilant:
- Do not forward, reply to, or provide the verification code or login link from the email.
- Verify if the sender and link are trustworthy; if in doubt, type the Kanorio URL directly into your browser to log in, and do not click on links in the message.
- Check and protect your email or Google account, for example, by updating its security settings.
- If not yet enabled, set up 2FA immediately; if already enabled, confirm your recovery codes are still in your possession.
- If you discover unauthorized changes, unfamiliar team members, or cannot log in, record the time and screen captures, then contact customer support.
For more comprehensive incident handling, please read What to Do If You Encounter Security Issues.
Frequently Asked Questions
Kanorio does not use traditional passwords for login, so there's no separate Kanorio password to reset. You can log in with Google or enter your email to receive a new verification code.
The email verification code is used to confirm that you are the person with access to that inbox. If 2FA is enabled, you will also be asked for a short code from an authenticator app after logging in, adding an extra layer of confirmation to your account.
First, secure the email or Google account used for login. Then, log into Kanorio from a trusted device, enable or reset 2FA, and check team members and website settings. If you cannot log in or discover unauthorized operations, please contact customer support immediately, and do not provide verification codes or recovery codes in your message.
It is not recommended. Please use team invitations to allow each member to use their own account. This preserves individual access scopes and makes it easier to revoke permissions when collaboration ends.