Everything you need to know about signing in to Viraly and keeping your account secure — including passkeys, two-factor authentication, and managing passwords.
Creating a Viraly account
You can sign up for Viraly three ways:
- Email + password — at app.viraly.io/signup
- Continue with Google — one click, no password needed
- Continue with Facebook — one click, no password needed
If you sign up through Google or Facebook, Viraly creates a single account in the background that’s linked to your social provider. You can later set an email password if you want to also sign in with email and password — both paths land in the same account.
Signing in
The sign-in page at app.viraly.io/login offers four options:
- Email + password — type your email and password, click Log In
- Sign in with a passkey — if you’ve added a passkey to your account
- Continue with Google
- Continue with Facebook
If you have two-factor authentication on, signing in with email and password adds a second step: Viraly asks for the current 6-digit code from your authenticator app. The code field submits automatically once you fill it.
If you signed up via Google or Facebook and try to sign in with email and password, you’ll be told to use your social provider — or to set an email password first.
The Security page
Everything below lives in one place: Settings → Security.
- Click your profile avatar in the top-right corner
- Select Account Settings
- Click Security in the left sidebar
From there you can change your password, register passkeys, turn on two-factor authentication, and sign out of every device at once.
Changing your password
- Go to Settings → Security
- Under Password, click Change password
- Enter your current password
- Enter your new password twice
- Click Save
Password requirements: at least 12 characters, including one uppercase letter, one lowercase letter, and one number.
If you’ve forgotten your current password, click Forgot it? Reset via email → on the same card to receive a reset code by email.
Setting a password (Google or Facebook users)
If you signed up through Google or Facebook, you don’t have an email password yet — but you can set one so you can also sign in with your email address.
- Go to Settings → Security
- Under Password, click Don’t have one yet? Set via email →
- Click Send code
- Open your email and copy the 6-digit verification code Viraly sent
- Enter the code and choose a new password
- Click Set password
From now on you can sign in with email and password or with your social provider — both work for the same account.
Passkeys
A passkey is a passwordless way to sign in using your fingerprint, face, screen lock, or a hardware security key. Passkeys are stored on your device or in your password manager (1Password, iCloud Keychain, Google Password Manager, etc.) and never leave it — that makes them resistant to phishing and credential leaks.
Adding a passkey
- Go to Settings → Security
- Under Passkeys, click Add a passkey
- Follow the prompt from your browser or password manager (Touch ID, Face ID, Windows Hello, security key, etc.)
- The passkey appears in your list with the date it was added
You can add multiple passkeys — for example, one on your laptop and one on your phone.
Signing in with a passkey
- On the sign-in page, enter your email
- Click Sign in with a passkey
- Confirm with your fingerprint, face, or security key
Removing a passkey
In the passkey list, click Remove next to the entry you want to delete. If it was your only sign-in method, you’ll need to keep at least one other way to sign in (password or social provider).
Custom-domain workspaces
Passkeys are tied to viraly.io for security reasons. They won’t work on a workspace that’s been white-labeled to a custom domain (for example, social.yourcompany.com). On a custom domain, the passkey card is hidden and we recommend turning on two-factor authentication instead. Your passkeys will continue to work normally on app.viraly.io.
Two-factor authentication
Two-factor authentication (2FA) adds a second step to email/password sign-in: a 6-digit code from an authenticator app. Even if someone learns your password, they can’t sign in without your phone.
Viraly uses time-based one-time passwords (TOTP) — the same kind every authenticator app supports: 1Password, Authy, Google Authenticator, Microsoft Authenticator, Bitwarden, and others.
Turning 2FA on
- Go to Settings → Security
- Under Two-factor authentication, click Enable 2FA
- Open your authenticator app and scan the QR code that appears (or paste the secret manually)
- Enter the 6-digit code your authenticator generates — it submits automatically when complete
- You’ll see a green confirmation: “Two-factor authentication is on.” Click Done
From now on, every email/password sign-in asks for the current 6-digit code as a second step.
Turning 2FA off
- Go to Settings → Security
- Under Two-factor authentication, click Disable
- Confirm
If you lose access to your authenticator
If you lose your phone or authenticator app, use the Forgot your password link on the sign-in page to reset your password — that flow bypasses 2FA via your verified email. After signing back in, you can re-enroll 2FA on a new device.
Signing out of every device
If you’ve signed in on a device you no longer have access to (lost laptop, old phone, shared computer), you can revoke every active session at once.
- Go to Settings → Security
- Click Sign out everywhere
- Confirm
You’ll be signed out of this browser too and prompted to sign in again. Anyone signed in elsewhere will be kicked out the next time they refresh.
Where to find each setting
| What you want to do | Where |
| Change your password | Settings → Security → Change password |
| Set a first password (Google/Facebook users) | Settings → Security → Set via email |
| Reset a forgotten password | Sign-in page → Forgot your password? |
| Add a passkey | Settings → Security → Add a passkey |
| Remove a passkey | Settings → Security → Remove (next to the passkey) |
| Turn on 2FA | Settings → Security → Enable 2FA |
| Turn off 2FA | Settings → Security → Disable |
| Sign out of all devices | Settings → Security → Sign out everywhere |