Account security

Your ePortal access is protected by your K-Connect account. The ePortal does not have its own password, it uses your K-Connect credentials, second factors, and sessions. This page covers what's available and where to manage each setting.

Reach your security settings from the account menu (top-right) → Account → Security, or directly at eportal.kaharagia.org/account. Some settings will redirect you to connect.kaharagia.org, where K-Connect handles them directly.

Password

Your password is managed in K-Connect.

• Change it: in K-Connect security settings
• Forgot it: see Reset your K-Connect password
• Strength: K-Connect requires a password long and varied enough to resist common attacks; the form will tell you if your password is too weak

A good password is long (at least 14–16 characters), unique to K-Connect, and stored in a password manager. You should not reuse a K-Connect password elsewhere.

Second-factor authentication (2FA)

Setting up at least one second factor is strongly recommended. K-Connect supports:

• Authenticator app (TOTP): codes generated every 30 seconds by Google Authenticator, 1Password, Bitwarden, or any RFC 6238 app
• WebAuthn / passkeys: hardware security keys (YubiKey, Titan Key) or platform passkeys (Touch ID, Windows Hello, etc.)
• Email one-time code: a fallback delivered to the email on file

You can have multiple factors enrolled at the same time. We recommend at least two so the loss of one isn't catastrophic, for example, an authenticator app plus an email one-time code.

To add a factor, go to K-Connect security settings, choose the factor type, and follow the on-screen instructions. For TOTP you'll scan a QR code; for WebAuthn you'll touch the key or use the device's biometric prompt; for email you'll just confirm the address.

To remove a factor, choose it in security settings and remove. You'll need to authenticate with another factor (or with your password if it's the only factor) to confirm the removal.

Recovery codes

When you set up a second factor, K-Connect will offer recovery codes: short single-use codes you keep somewhere safe in case you lose access to every other factor. Save them.

• Store recovery codes in a password manager, or print them and keep them somewhere physical and secure
• Each code is valid only once; using one consumes it
• If you run out (or lose them), you can regenerate a new set in K-Connect security settings, the old set is invalidated when you do

If you have no factors and no recovery codes and no access to your registered email, recovery is intentionally difficult. See the bottom of Reset your K-Connect password for what to do.

Active sessions

The ePortal/K-Connect tracks your active sessions, the devices and browsers currently signed in. Reach this in your account settings.

For each session you'll see:

• The device or browser type
• The approximate location (derived from IP)
• The time of sign-in and last activity

You can sign out any individual session, or sign out everywhere except this session. Use the latter if you suspect your account has been used on a device you don't recognise.

Login history

A log of recent sign-in attempts (successful and failed) is available in security settings. This is useful for spotting suspicious activity. If you see a successful sign-in you don't recognise:

1. Sign out everywhere except your current session immediately
2. Change your password
3. Add a second factor if you haven't already
4. Regenerate recovery codes

If you cannot rule out account compromise, contact us through the official support channel for investigation.

Removing your account

You can close your account through K-Connect security settings. Note:

• Closing the account ends your access immediately
• Some records associated with the account, particularly civil-records entries and Gazette publications, are part of the permanent record of the Principality and cannot be deleted with the account
• Deletion of personal data follows the rules in the ePortal Privacy Notice

If you change your mind, you must register a new account from scratch. There is no automatic restoration of a closed account.

Common questions

• "I see a session I don't recognise." Sign it out, change your password, add or rotate your second factor, and review recent activity. Contact support if anything looks suspicious.
• "Can I have a different password for the ePortal vs K-Connect?" No, the ePortal uses K-Connect for authentication. There is one password.
• "I lost my phone with my authenticator app." Use a recovery code, or another second factor if you have one. After signing in, remove the lost factor from your security settings and add a new one.
• "I want to use a hardware key." Add a WebAuthn factor in K-Connect security settings. Most modern hardware keys (YubiKey 5 series, Titan Key, etc.) work.