Sign-in & Security
The Security settings page is where you manage your account's authentication and access security — your password, refund/action PIN, active sessions, and two-factor authentication.
Location: /settings/security
Changing Your Password
To update your account password:
- Go to Settings → Security
- In the Password section, click Change Password
- Enter:
- Current Password — Your existing password
- New Password — Must be at least 8 characters
- Confirm New Password — Re-enter the new password
- Click Update Password
Password Requirements
- Minimum 8 characters
- Recommended: mix of uppercase, lowercase, numbers, and symbols
- Do not reuse your last 5 passwords
Use a password manager to generate and store a strong, unique password for your Newclear account.
PIN Management
Your PIN is a 4–6 digit code used to authorize sensitive POS operations, specifically:
- Processing refunds
- Applying large discounts above a threshold
- Overriding prices
Setting Your PIN
- In Settings → Security, scroll to the PIN section
- Click Set PIN (or Change PIN if you already have one)
- Enter your desired 4–6 digit PIN
- Confirm the PIN
- Click Save
When Your PIN Is Required
Your PIN is requested when:
- You attempt to process a refund from POS
- You attempt to apply a discount above the configured threshold
- Your role requires PIN for specific actions
PINs are personal — each user has their own PIN. A manager's PIN is different from a staff member's PIN. This provides an audit trail of who authorized which sensitive action.
Resetting Your PIN
If you forget your PIN:
- Click I Forgot My PIN on the PIN prompt screen
- Enter your account password to verify identity
- Set a new PIN
Alternatively, a Super Admin can reset your PIN from Settings → Users → [Your Profile] → Reset PIN.
Active Sessions
Newclear tracks all active login sessions — each device and browser where you're logged in.
Viewing Active Sessions
- Go to Settings → Security → Active Sessions
- You'll see a list of sessions with:
- Device type (Desktop, Mobile, Tablet)
- Browser (Chrome, Firefox, Safari, etc.)
- Operating system
- IP address
- Location (approximate, based on IP)
- Last activity timestamp
Revoking a Session
If you see an unfamiliar session (possible unauthorized access):
- Click Revoke next to the suspicious session
- That device is immediately logged out
Log Out of All Devices
Click Revoke All Sessions to log out of every device simultaneously. You'll need to log back in on your current device.
Two-Factor Authentication (2FA)
Two-factor authentication adds an extra layer of security — even if someone knows your password, they can't log in without your second factor.
Enabling 2FA
- Go to Settings → Security → Two-Factor Authentication
- Click Enable 2FA
- Choose your second factor:
- Authenticator App (recommended) — Google Authenticator, Authy, 1Password
- SMS — Text message to your registered phone
- For Authenticator App:
- Scan the QR code with your authenticator app
- Enter the 6-digit code to verify setup
- Save your recovery codes in a secure location
- Click Confirm & Enable
Logging In with 2FA
After enabling 2FA:
- Enter your email and password as normal
- Newclear prompts for your second factor
- Enter the 6-digit code from your authenticator app (or SMS)
- You're logged in
Disabling 2FA
- Go to Settings → Security → Two-Factor Authentication
- Click Disable 2FA
- Confirm with your current password
Super Admins can require 2FA for all users of specific roles. If 2FA is required by your organization, you cannot disable it without Super Admin override.
Login History
View a log of all recent login attempts to your account:
- Go to Settings → Security → Login History
- See: timestamp, IP address, location, result (Success / Failed)
If you see failed login attempts from unfamiliar IPs, change your password immediately and enable 2FA.