Skip to main content

Account & Security

Overview

This page explains how to manage your docs101 login, change your password, and keep your account secure. It also covers how to set up integrations like Clockify.

Your Login

docs101 uses a dedicated login system powered by Keycloak. When you open docs101, you see a login page where you enter your email and password. You can also sign in with your Google or Microsoft account if you prefer.

info

docs101 does not store your password. Your credentials are managed securely by our login system (Keycloak), separate from your invoicing data.

Changing Your Password

To change your password:

  1. Go to the docs101 login page
  2. Click Forgot Password?
  3. Enter your email address
  4. Check your inbox for a password reset email
  5. Click the link in the email and set a new password
No Reset Email?

Check your spam folder. If you still don't receive the email, contact docs101 support.

Multi-Factor Authentication (MFA)

docs101 includes multi-factor authentication to protect your account. When MFA is active, you need both your password and a one-time code from an authenticator app (such as Google Authenticator or Authy) to log in.

Setting Up MFA

  1. Log in to docs101
  2. On the login page, you will be guided through MFA setup if it is not yet configured
  3. Scan the QR code with your authenticator app
  4. Enter the one-time code shown in the app to confirm
Save Your Recovery Codes

When setting up MFA, save the recovery codes in a safe place. If you lose access to your authenticator app, you will need these codes to log in.

Staying Logged In and Logging Out

After you log in, docs101 keeps you signed in for a period of time. You do not need to enter your password every time you open the app.

  • Automatic logout: After a period of inactivity, you will be asked to log in again. This is normal and keeps your account safe.
  • Manual logout: Click your profile icon and select Logout to sign out immediately.

API Key Management

docs101 provides encrypted API key storage for third-party integrations. API keys are encrypted before being stored, ensuring they are never visible in plain text after saving.

Clockify Integration

docs101 integrates with Clockify for time tracking.

Setting Up Clockify Integration:

  1. Create a Clockify account at clockify.me
  2. Get your Clockify API key from Clockify settings
  3. In docs101, go to Settings > Account > Integrations
  4. Paste your Clockify API key
  5. Click Save
  6. The integration is now active

What You Can Do:

  • Import time entries from Clockify
  • Create invoice line items from tracked hours
  • Automatically bill based on Clockify time logs
tip

Your Clockify API key is stored encrypted in the docs101 database. It is never exposed in plain text after saving.

API Key Security

All API keys stored in docs101 are encrypted:

  • Keys are encrypted before being written to the database
  • Decryption only occurs when the key is needed for an API call
  • Keys are never displayed in full after initial entry
  • If you need to change a key, enter the new value and save

Security Best Practices

  1. Use a Strong Password — Choose a password with at least 8 characters, mixing uppercase, lowercase, numbers, and special characters
  2. Set Up MFA — Enable multi-factor authentication for an extra layer of protection
  3. Use a Password Manager — Store your credentials in a password manager like 1Password, Bitwarden, or similar
  4. Watch for Suspicious Activity — If you notice anything unusual in your account, change your password immediately
  5. Keep API Keys Secret — Never share API keys via email or chat; regenerate if compromised

Security Checklist

Ensure your account is secure:

  • Password is strong (8+ characters, mixed case, numbers, special characters)
  • MFA is set up and active
  • Clockify API key is configured (if using Clockify)
  • Email address is current and monitored

Common Questions

Q: Where do I change my password?

  • A: Click Forgot Password? on the docs101 login page. You will receive an email with a link to set a new password.

Q: Can docs101 see my password?

  • A: No. Your password is managed by our login system (Keycloak) and is never accessible to the docs101 application.

Q: I lost access to my authenticator app. What now?

  • A: Use one of your recovery codes to log in. If you don't have recovery codes, contact docs101 support to regain access.

Q: How are my API keys stored?

  • A: API keys are encrypted before being stored in the database. They are only decrypted when needed for API calls.

Q: What happens if I lose access to my account?

  • A: Use the Forgot Password? link on the login page. If that does not work, contact docs101 support for help.

Next: Review Compliance Guides to ensure your invoices meet EU standards.