Account security and agent sessions
Protect sign-in, use two-factor authentication, review sessions, and revoke unneeded agent access.
Last updated
Use a unique password and enroll in two-factor authentication from the Security page. Quire can challenge sensitive authorization flows even when a browser session is already signed in.
Two-factor authentication
Enrollment uses an authenticator-compatible one-time password secret. Store recovery information securely and avoid sharing codes. Quire also protects authentication and code endpoints with rate limits.
Agent authorizations
Every MCP connection appears as a named agent session with its owning account, team, scopes, authorization time, and activity. Review these sessions periodically and revoke ones that are unfamiliar, obsolete, or tied to a retired client.
If public-IP binding is enabled for your deployment, an MCP connection is locked to the first public IP it uses. Changing networks or rotating VPN or proxy exit IPs disconnects it, and the user must authorize again.
Webhook secrets
Store whsec_… values outside source control. Rotate a secret if it may have been exposed, then update the receiving endpoint immediately. Quire never displays an existing secret after creation or rotation.