Featul provides enterprise-grade security with multiple authentication methods to protect your account and workspace data. Choose the authentication approach that best fits your security requirements.

Available Authentication Methods

Featul supports several authentication methods that can be used independently or combined for enhanced security:
  • Email and Password - Traditional authentication with OTP verification
  • OAuth Providers - Sign in with Google or GitHub
  • Two-Factor Authentication (2FA) - Add an extra security layer with TOTP
  • Passkeys - Modern passwordless authentication using biometrics
  • Multi-Session Support - Manage multiple active sessions across devices

Security Features

Email Verification

All accounts require email verification to ensure account ownership and enable password recovery. When you sign up or sign in:
  1. A one-time password (OTP) is sent to your email
  2. Enter the OTP within the verification window
  3. Your email is verified and you gain access

Email verification is required for both sign-up and sign-in to prevent unauthorized access.

Cross-Subdomain Authentication

Featul uses cross-subdomain cookies to provide seamless authentication across your workspaces:
  • Sign in once to access all your workspaces
  • Each workspace can have its own subdomain (e.g., acme.featul.com)
  • Custom domains are supported with DNS verification
  • Secure cookies protect your session across all domains

Your authentication session works across all workspaces you’re a member of, including custom domains.

Multi-Session Management

Manage multiple active sessions across different devices:
  • View all active sessions in your account settings
  • See device information and last activity
  • Revoke individual sessions remotely
  • Automatic session expiration for inactive devices

If you notice an unfamiliar session, revoke it immediately and update your password.

Rate Limiting

Featul implements rate limiting to protect against brute-force attacks:
  • Sign-in attempts: 5 per minute
  • Sign-up attempts: 5 per minute
  • Password reset requests: 3 per 5 minutes
  • 2FA verification: 5 per minute
  • Passkey verification: 10 per minute
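
The limits above can be read as a table of (attempts, window) pairs. The following is an added example, not Featul's own code: a sliding-window limiter configured with those numbers, showing when an attempt is rejected and when the window reopens. The action names, the client key (a constructed documentation IP), and the choice of a sliding-window algorithm are assumptions; the page does not state what the limits are keyed on or how they are enforced.

```python
import time
from collections import defaultdict, deque

# (max attempts, window in seconds), taken from the limits listed above.
# The action names are labels chosen for this example.
LIMITS = {
    "sign_in": (5, 60),
    "sign_up": (5, 60),
    "password_reset": (3, 300),
    "2fa_verify": (5, 60),
    "passkey_verify": (10, 60),
}


class SlidingWindowLimiter:
    """Sliding-window log limiter keyed by (action, client).

    Assumption: the caller picks the client key (IP address, account id,
    or both); the page does not say what the service keys its limits on.
    """

    def __init__(self, limits=LIMITS, clock=time.monotonic):
        self.limits = limits
        self.clock = clock
        self.hits = defaultdict(deque)  # (action, client) -> attempt timestamps

    def check(self, action, client):
        """Return (allowed, retry_after_seconds); record the attempt if allowed."""
        max_hits, window = self.limits[action]
        now = self.clock()
        q = self.hits[(action, client)]
        while q and now - q[0] >= window:  # drop attempts that aged out
            q.popleft()
        if len(q) >= max_hits:
            # Rejected attempts are not recorded, so retries cannot extend the block.
            return False, window - (now - q[0])
        q.append(now)
        return True, 0.0


def simulate(action, client, offsets):
    """Replay attempts at the given second offsets (constructed input)."""
    t = [0.0]
    limiter = SlidingWindowLimiter(clock=lambda: t[0])
    results = []
    for off in offsets:
        t[0] = float(off)
        results.append(limiter.check(action, client)[0])
    return results
```

Keying on the client address alone lets a distributed guesser spread attempts across sources, and keying on the account alone lets anyone lock a user out, which is why the key choice is left to the caller here.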

Security Best Practices

Strong Passwords

Your password must meet the following requirements:
  • Minimum length and complexity requirements
  • Cannot be a commonly used password
  • Should be unique to Featul (don’t reuse passwords)

Use a password manager to generate and store strong, unique passwords for each service.

Enable Two-Factor Authentication

We strongly recommend enabling 2FA for all accounts:
  1. Navigate to your account security settings
  2. Enable two-factor authentication
  3. Scan the QR code with your authenticator app
  4. Save your backup codes in a secure location

Store your 2FA backup codes in a secure location. If you lose access to your authenticator app without backup codes, account recovery may not be possible.

Use Passkeys When Possible

Passkeys provide the strongest security with the best user experience:
  • Phishing-resistant authentication
  • No passwords to remember or steal
  • Uses your device’s built-in biometrics
  • Faster than typing passwords

Monitor Your Sessions

Regularly review your active sessions:
  1. Check for unfamiliar devices or locations
  2. Revoke sessions you don’t recognize
  3. Sign out of public or shared devices
  4. Enable 2FA for additional protection

Next Steps

Email & Password

Set up traditional email and password authentication

OAuth Providers

Sign in with Google or GitHub

Two-Factor Auth

Add an extra layer of security with 2FA

Passkeys

Enable modern passwordless authentication
