# My Logins ### Introduction Assignments often need to access external websites and platforms as part of their automated workflows. To do this securely, they require login credentials. Instead of including sensitive information directly in prompts—which would be insecure—the **My Logins** feature provides a safe and encrypted way to manage and use login data. ### What are My Logins? The **My Logins** section can be found under the *Resources* area in the left sidebar, alongside **Connections** and **Files**. It allows you to securely store and manage the login information your assignments need to access different domains. ![My Logins Section](https://2799416172-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FV0i3nXTFWDeWtbyZ9xMo%2Fuploads%2Fgit-blob-7bafd959c35489297457b2e4c84253f7bdb29422%2Fcredentials.png?alt=media) Each login entry contains a domain, username (or email), and password. You can also optionally configure two-factor authentication (2FA) if it's required for the account. When an assignment needs to log in to a site, it never directly accesses or "sees" the logins. Instead, it calls a secure tool that fetches the correct login for the relevant domain and fills it in automatically. This ensures that sensitive data is never exposed in the assignment's context window. Stored logins are also used automatically for HTTP Basic Auth — the browser-level username/password prompts that appear on some internal portals and enterprise web apps before the page loads. When a site issues this type of challenge, the browser looks up a matching login and responds without any extra steps from the assignment. *** ### Security Your logins are encrypted using **industry-standard AES-256 encryption** and stored securely. Passwords are **never saved in plaintext**, and assignments **cannot read or retrieve** them directly. This design ensures that your login details remain private and safe, even when your assignments are performing automated tasks on your behalf. *** ### Adding a New Login To add a new login: 1. Navigate to the **My Logins** section. 2. Click **Add Login**. 3. Enter the following details: * **Domain**: The website URL (e.g., `example.com`) * **Username or Email**: Your login username or email address * **Password**: Your account password * **One-time password secret** (optional): For 2FA-enabled accounts * **Two-factor authentication** (optional): Configure if needed 4. Click **Save Login**. *** ### Handling Two-Factor Authentication (2FA) If 2FA is enabled for your account, there are two ways to set it up: #### 1. Using a One-time Password (OTP) Secret You can manually enter your **OTP secret key** into the *One-time password secret* field. This secret allows the system to generate time-based one-time passwords (TOTPs) automatically whenever your assignment logs in. *** #### 2. Importing from Google Authenticator If your 2FA codes are already managed through **Google Authenticator**, you can easily import them using the **Import from Authenticator** feature. To do this: 1. Choose **Import from Authenticator**. 2. Follow the step-by-step tutorial to export your codes from the Google Authenticator app. * Open Google Authenticator * Tap the three dots menu * Select "Transfer accounts" → "Export accounts" * Select the accounts to export * A QR code will be displayed 3. Once the tutorial is complete (or skipped), you'll be prompted to either: * **Scan QR Code**: Use your device camera to scan the QR code from Google Authenticator * **Enter Secret Manually**: Type the secret key if you have it 4. Click **Import** to finalize.