Skip to main content

Authentication

RunOS provides multiple authentication methods to access the Console and manage your infrastructure securely.

Authentication Methods

Email & Password

The most common authentication method using your email address and a password.

Features:

  • Secure password storage (hashed, never stored in plain text)
  • Password reset via email
  • Protected by Google reCAPTCHA v3 against bots
  • Optional Multi-Factor Authentication (MFA)

How to sign up:

  1. Go to the RunOS Console
  2. Click "Sign Up"
  3. Enter your email address
  4. Create a password
  5. Verify your email address
  6. Complete the reCAPTCHA verification (invisible, automatic)

Google OAuth

Sign in using your Google account for seamless authentication.

Features:

  • No password to remember
  • Single sign-on experience
  • Managed by Google's security infrastructure
  • Automatic account creation on first sign-in

How to use:

  1. Go to the RunOS Console
  2. Click "Sign in with Google"
  3. Select your Google account
  4. Grant permissions
  5. You're signed in

GitHub OAuth

Authenticate using your GitHub account, ideal for developers.

Features:

  • Developer-friendly authentication
  • Leverages GitHub's security
  • No separate password needed
  • Repository access controlled separately

How to use:

  1. Go to the RunOS Console
  2. Click "Sign in with GitHub"
  3. Authorize RunOS to access your GitHub account
  4. You're signed in

Password Management

Changing Your Password

To change your password:

  1. Sign in to RunOS Console
  2. Navigate to Account Settings
  3. Click Security tab
  4. Click Change Password
  5. Enter your current password
  6. Enter your new password
  7. Confirm your new password
  8. Click Update Password

Password Reset

If you forget your password:

  1. Go to the RunOS Console login page
  2. Click Forgot Password?
  3. Enter your email address
  4. Check your email for the reset link
  5. Click the link in the email
  6. Enter your new password
  7. Confirm your new password
  8. Click Reset Password

Important:

  • Password reset links expire after 1 hour
  • If you don't receive the email, check your spam folder
  • You can request a new reset link if needed

Multi-Factor Authentication (MFA)

Add an extra layer of security to your account with MFA.

What is MFA?

Multi-Factor Authentication requires two forms of verification:

  1. Something you know - Your password
  2. Something you have - A code from your authenticator app

Supported Methods

TOTP (Time-Based One-Time Password)

  • Works with authenticator apps
  • 6-digit codes that rotate every 30 seconds
  • Apps: Google Authenticator, Authy, 1Password, Microsoft Authenticator

Enabling MFA

  1. Sign in to RunOS Console
  2. Go to Account Settings
  3. Click Security tab
  4. Click Enable MFA
  5. Scan the QR code with your authenticator app
  6. Enter the 6-digit code to verify
  7. Save your backup codes (coming soon)
  8. MFA is now active

After enabling MFA:

  • You'll be prompted for a code after entering your password
  • Enter the current 6-digit code from your authenticator app
  • Optionally check "Trust this device for 30 days"

Disabling MFA

  1. Sign in to RunOS Console (you'll need your MFA code)
  2. Go to Account Settings
  3. Click Security tab
  4. Click Disable MFA
  5. Confirm your decision

Lost Access to MFA?

If you lose access to your authenticator app:

Bot Protection

RunOS uses Google reCAPTCHA v3 to protect against automated attacks.

What is reCAPTCHA v3?

  • Invisible protection - No checkboxes or challenges
  • Behavior analysis - Analyzes how you interact with the page
  • Automatic verification - Happens in the background

What's Protected

reCAPTCHA protects:

  • User registration
  • Login attempts
  • Password reset requests
  • Account changes
  • High-value operations

Benefits

  • Prevents credential stuffing - Stops automated login attempts
  • Blocks bot sign-ups - Prevents fake account creation
  • No user friction - Works invisibly without disrupting your experience

Security Best Practices

For Your Account

  1. Use a strong, unique password

    • At least 12 characters
    • Mix of letters, numbers, and symbols
    • Don't reuse passwords from other sites

  2. Enable MFA

    • Adds significant extra security
    • Protects even if your password is compromised

  3. Use OAuth when possible

    • Google and GitHub have robust security
    • One less password to manage

  4. Keep your email secure

    • Your email is the recovery method
    • Enable MFA on your email account

  5. Review account activity regularly

    • Check for unfamiliar login locations
    • Review connected devices