AXITRAQ Security and Account User Manual
Version: 1.0
Last Updated: 2026-05-07
Applies to: AXITRAQ Web Platform (axitraq.app)
Table of Contents
- Introduction
- My Account Overview
- Managing Your Profile
- Accessing Your Profile
- Updating Your Display Name
- Changing Your Email Address
- Updating Your Phone Number
- Password Security
- Changing Your Password
- Choosing a Strong Password
- Setting Up Two-Factor Authentication
- Why Use Two-Factor Authentication
- Choosing an Authenticator Method
- Setting Up with an External Authenticator App
- Setting Up with the AXITRAQ Mobile App
- Logging In with Two-Factor Authentication
- Disabling Two-Factor Authentication
- Using Backup Codes
- What Are Backup Codes
- Storing Your Backup Codes
- Using a Backup Code to Log In
- Regenerating Backup Codes
- Trusted Devices
- What Is a Trusted Device
- Trusting a Device During Login
- Viewing Your Trusted Devices
- Revoking a Trusted Device
- Login History
- Reviewing Your Login Activity
- What to Look For
- Responding to Suspicious Activity
- Account Lockout and Recovery
- Why Accounts Get Locked
- What Happens During a Lockout
- Recovering from a Lockout
- Lost Authenticator Access
- Understanding Data Encryption
- Light and Dark Theme
- Signing Out
- Security Best Practices
- Frequently Asked Questions
Introduction
Your AXITRAQ account is the gateway to your organisation's asset management, inspections, jobs, and operational data. Keeping that account secure protects not only your information but also your company's workforce records, financial data, and compliance documents.
This manual covers everything you need to manage your account and maintain strong security habits within the AXITRAQ platform. Whether you are enabling two-factor authentication for the first time or reviewing your recent login history, you will find step-by-step instructions here.
My Account Overview
The My Account page is your central hub for personal settings and security. You can access it from the sidebar by selecting Account.
The page is organised into four tabs:
| Tab | Purpose |
|---|---|
| Profile | Update your username, email address, phone number, and display name |
| Two-Factor Auth | Enable, configure, or disable two-factor authentication |
| Devices | View and manage devices that have been trusted to skip 2FA |
| Login History | Review your recent login activity, including dates, IP addresses, and outcomes |
Managing Your Profile
Accessing Your Profile
- Log in to AXITRAQ at axitraq.app.
- In the sidebar, select Account.
- You will land on the Profile tab by default.
Updating Your Display Name
Your display name is how your name appears throughout the platform, including in messages, audit logs, and assigned jobs.
- On the Profile tab, locate the Display Name field.
- Enter your preferred name.
- Select Save Changes.
Changing Your Email Address
Your email address is used for login notifications, password resets, and system alerts.
- On the Profile tab, locate the Email field.
- Enter your new email address.
- Select Save Changes.
Note: If your company uses email-based notifications, updating your email here ensures you continue to receive them.
Updating Your Phone Number
- On the Profile tab, locate the Phone field.
- Enter your updated phone number.
- Select Save Changes.
Password Security
Changing Your Password
- On the Profile tab, locate the password section.
- Enter your current password in the Current Password field.
- Enter your new password in the New Password field.
- Confirm the new password by entering it again.
- Select Save Changes.
Your new password takes effect immediately. You will not be logged out of your current session, but any other active sessions will require the new password.
Choosing a Strong Password
Follow these guidelines when setting a password:
- Use at least 12 characters.
- Include a mix of uppercase letters, lowercase letters, numbers, and special characters.
- Avoid using personal information such as your name, birthday, or company name.
- Do not reuse passwords from other websites or services.
- Consider using a password manager to generate and store complex passwords securely.
Setting Up Two-Factor Authentication
Why Use Two-Factor Authentication
Two-factor authentication (2FA) adds a second layer of security to your account. After entering your password, you must also provide a temporary 6-digit code from an authenticator app. This means that even if someone obtains your password, they cannot access your account without your authenticator.
Company administrators and account owners may be required to have 2FA enabled. Your administrator can also enforce 2FA for all users in your organisation.
Choosing an Authenticator Method
When you enable 2FA, AXITRAQ offers two options:
| Method | Description |
|---|---|
| AXITRAQ Mobile App | The AXITRAQ app on your phone acts as your authenticator. Codes appear automatically on the app's Home Screen. No QR code scanning required. |
| External Authenticator | Use a third-party authenticator app such as Google Authenticator, Authy, or Microsoft Authenticator. You scan a QR code to set it up. |
Both methods generate the same type of 6-digit code. You can use whichever is more convenient for you.
Setting Up with an External Authenticator App
- In the sidebar, select Account.
- Select the Two-Factor Auth tab.
- Select Enable Two-Factor Authentication.
- Choose External Authenticator from the method selection screen.
- A QR code will appear on screen, along with a text-based secret key displayed beneath it.
- Open your authenticator app (Google Authenticator, Authy, or Microsoft Authenticator) on your phone.
- In your authenticator app, add a new account:
  - In Google Authenticator, tap the + button, then select Scan a QR code.
  - In Authy, tap Add Account, then Scan QR Code.
  - In Microsoft Authenticator, tap +, select Other account, then scan.
- Point your phone's camera at the QR code displayed in AXITRAQ.
- If you cannot scan the QR code, select the option to enter the key manually and type in the text-based secret key shown below the QR code.
- Your authenticator app will begin displaying a 6-digit code that refreshes every 30 seconds.
- Enter the current 6-digit code from your authenticator app into the verification field in AXITRAQ.
- Select Verify.
- If the code is correct, 2FA is now active on your account.
- You will be shown 8 backup codes. Write these down or save them in a secure location immediately. They will only be displayed once.
Setting Up with the AXITRAQ Mobile App
If you have the AXITRAQ mobile app installed on your phone, you can use it as your authenticator without scanning a QR code.
- In the sidebar, select Account.
- Select the Two-Factor Auth tab.
- Select Enable Two-Factor Authentication.
- Choose AXITRAQ App from the method selection screen.
- You will see a message: "Open the AXITRAQ mobile app and refresh the Home Screen."
- On your phone, open the AXITRAQ app and navigate to the Home Screen (pull down to refresh if needed).
- The app will detect the pending enrolment and display a 6-digit code with a countdown timer.
- Enter that 6-digit code into the verification field on the web.
- Select Verify.
- Once verified, 2FA is active. Your backup codes will be displayed. Save them securely.
From this point on, whenever you need a 2FA code to log in to the web, open the AXITRAQ app. Your current code will be visible on the Home Screen.
Logging In with Two-Factor Authentication
Once 2FA is enabled, your login process adds one additional step:
- Go to axitraq.app and enter your username and password as normal.
- After your credentials are verified, you will see a prompt: "Enter your 6-digit code."
- Open your authenticator app (AXITRAQ app or external authenticator) and read the current code.
- Enter the 6-digit code into the prompt.
- Select Verify.
- If correct, you will be logged in.
The code changes every 30 seconds. If your code expires before you enter it, wait for the next code and try again. AXITRAQ accepts codes within a short grace window, so a code that just expired may still work.
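How a 6-digit, 30-second code and a grace window fit together, shown as an added example that is not AXITRAQ's code: a standard RFC 6238 time-based one-time password check. The one-step grace window, the Base32 encoding of the manual key, the replay guard and all function names are assumptions; the manual does not state the size of the grace window.

```python
import base64
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # code lifetime stated in the manual
DIGITS = 6          # code length stated in the manual
GRACE_STEPS = 1     # assumption: accept one 30-second step either side of "now"


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238: HOTP keyed on the number of 30-second steps since the epoch."""
    return hotp(secret, unix_time // STEP_SECONDS)


def decode_manual_key(text_key: str) -> bytes:
    """Decode a typed-in secret key (assumed Base32, spaces and case ignored)."""
    cleaned = text_key.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def verify(secret: bytes, code: str, unix_time: int, last_used_step=None):
    """Return the matched time step, or None if the code is rejected.

    Codes for the current step and its GRACE_STEPS neighbours are accepted.
    A step at or before last_used_step is refused so a code works only once.
    """
    now_step = unix_time // STEP_SECONDS
    matched = None
    for step in range(max(0, now_step - GRACE_STEPS), now_step + GRACE_STEPS + 1):
        # compare_digest keeps the comparison time independent of matching digits
        if hmac.compare_digest(hotp(secret, step).encode(), code.encode()):
            matched = step
    if matched is None:
        return None
    if last_used_step is not None and matched <= last_used_step:
        return None
    return matched


if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 6238 test secret, not a real key
    code = totp(secret, 59)
    print("code at t=59:", code)
    print("entered on time:", verify(secret, code, 59))
    print("entered just after expiry:", verify(secret, code, 89))
    print("entered two minutes late:", verify(secret, code, 149))
    print("same code replayed:", verify(secret, code, 89, last_used_step=1))
```

A wider grace window tolerates more clock drift but lengthens the time a captured code stays usable, which is why the replay guard matters.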
Disabling Two-Factor Authentication
If you need to disable 2FA (for example, to switch authenticator apps):
- Go to the Two-Factor Auth tab on the My Account page.
- Select Disable Two-Factor Authentication.
- Enter your current password to confirm your identity.
- Enter a valid 6-digit code from your authenticator app.
- Select Confirm.
Note: If your role is administrator or owner, your company's security policy may prevent you from disabling 2FA. Contact your platform administrator if you need assistance.
Using Backup Codes
What Are Backup Codes
When you enable two-factor authentication, AXITRAQ generates 8 single-use backup codes. These are emergency codes you can use to log in if you lose access to your authenticator app (for example, if your phone is lost, broken, or reset).
Each backup code can only be used once. After use, that code is permanently consumed.
Storing Your Backup Codes
Your backup codes are only displayed once, immediately after enabling 2FA. Treat them with the same care as a password.
Recommended storage methods:
- Print them and store the printout in a locked drawer or safe.
- Save them in a password manager.
- Write them down and keep the paper in a secure, private location.
Do not store backup codes in an unencrypted file on your computer, in an email draft, or in a shared document.
Using a Backup Code to Log In
- On the login screen, enter your username and password.
- When prompted for your 6-digit code, look for the option to Use a backup code (this may appear as a link below the code entry field).
- Enter one of your unused backup codes.
- Select Verify.
- You will be logged in. That backup code is now used and will not work again.
After logging in with a backup code, set up your authenticator again as soon as possible, or regenerate your backup codes if your supply is running low.
Regenerating Backup Codes
If you have used several backup codes or want to generate a fresh set:
- Go to the Two-Factor Auth tab on the My Account page.
- Select Regenerate Backup Codes.
- Enter a valid 6-digit code from your authenticator app to confirm.
- A new set of 8 backup codes will be generated. All previous codes are invalidated.
- Save the new codes securely.
Trusted Devices
What Is a Trusted Device
When you log in with two-factor authentication, you can choose to trust the browser or device you are using. A trusted device will not ask for a 2FA code for 30 days, making future logins faster.
Trust is tied to a specific browser on a specific device. For example, trusting Chrome on your work laptop does not trust Safari on the same laptop, nor Chrome on your home computer.
Trusting a Device During Login
- Log in with your username, password, and 2FA code.
- After entering your code, you will see a checkbox or option labelled Trust this device (or Remember this device).
- Enable the option and complete the login.
- For the next 30 days, this browser will skip the 2FA prompt when you log in.
Only trust devices that are personally yours or assigned to you by your company. Do not trust shared or public computers.
Viewing Your Trusted Devices
- In the sidebar, select Account.
- Select the Devices tab.
- You will see a list of all devices currently trusted on your account, including:
  - Browser name and version
  - Operating system
  - The date the device was trusted
Revoking a Trusted Device
If a device is lost, stolen, or no longer in your possession, you should revoke its trust immediately.
- On the Devices tab, find the device you want to revoke.
- Select Revoke next to that device.
- The device will be removed from your trusted list. The next login from that device will require a full 2FA code.
You can also revoke all trusted devices at once if you suspect your account has been compromised. This forces every device, including the one you are currently using, to re-authenticate with 2FA on the next login.
Login History
Reviewing Your Login Activity
The Login History tab gives you a record of recent login attempts, so you can verify that only you are accessing your account.
- In the sidebar, select Account.
- Select the Login History tab.
- You will see your last 30 login entries, each showing:
  - Date and time of the login attempt
  - IP address the login came from
  - Device and browser information
  - Result (successful login, failed attempt, or 2FA verification)
What to Look For
Review your login history periodically and look for:
- Unfamiliar IP addresses that do not match your home, office, or mobile network.
- Failed login attempts you did not make, which may indicate someone trying to guess your password.
- Logins from unexpected locations or devices, particularly browsers or operating systems you do not use.
- Logins at unusual times, such as the middle of the night.
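The four checks above expressed as review logic, as an added example that is not part of AXITRAQ. The record layout, the baseline of known networks and devices, and the hours treated as unusual are assumptions; the sample entries are constructed and use documentation-range IP addresses.

```python
import ipaddress
from collections import Counter
from datetime import datetime

# Assumed baseline for one user: networks and browser/OS pairs they normally use.
KNOWN_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
KNOWN_DEVICES = {("Chrome", "Windows"), ("Safari", "iOS")}
QUIET_HOURS = range(0, 5)  # assumption: 00:00-04:59 counts as an unusual time

# Constructed entries: time, IP address, browser, operating system, result.
SAMPLE_HISTORY = [
    ("2026-05-04T08:55:00", "203.0.113.20", "Chrome", "Windows", "success"),
    ("2026-05-05T02:14:00", "198.51.100.9", "Firefox", "Linux", "failed"),
    ("2026-05-05T02:15:00", "198.51.100.9", "Firefox", "Linux", "failed"),
    ("2026-05-05T12:30:00", "203.0.113.20", "Chrome", "Windows", "failed"),
    ("2026-05-06T09:01:00", "203.0.113.77", "Safari", "iOS", "2fa"),
]


def review_entry(entry):
    """Return the reasons one entry deserves a closer look (empty if none)."""
    when, ip, browser, os_name, result = entry
    reasons = []
    try:
        familiar = any(ipaddress.ip_address(ip) in net for net in KNOWN_NETWORKS)
    except ValueError:
        familiar = False  # an unparseable address is never treated as familiar
    if not familiar:
        reasons.append("unfamiliar IP")
    if result == "failed":
        reasons.append("failed attempt")
    if (browser, os_name) not in KNOWN_DEVICES:
        reasons.append("unfamiliar device")
    if datetime.fromisoformat(when).hour in QUIET_HOURS:
        reasons.append("unusual time")
    return reasons


def review_history(history):
    """Flag entries worth checking and count failed attempts per source IP."""
    flagged = [(e[0], e[1], r) for e in history if (r := review_entry(e))]
    failures = Counter(e[1] for e in history if e[4] == "failed")
    return flagged, failures


if __name__ == "__main__":
    flagged, failures = review_history(SAMPLE_HISTORY)
    for when, ip, reasons in flagged:
        print(when, ip, ", ".join(reasons))
    print("failed attempts by IP:", dict(failures))
```

A single failed attempt from a familiar network and device, like the fourth sample entry, is usually a mistyped password; entries that trip several checks at once are the ones to act on.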
Responding to Suspicious Activity
If you see login activity you do not recognise:
- Change your password immediately from the Profile tab.
- Revoke all trusted devices from the Devices tab.
- Regenerate your backup codes from the Two-Factor Auth tab (if 2FA is enabled).
- Notify your company administrator so they can investigate and, if necessary, take further action on your account.
- If you do not have 2FA enabled, enable it now to prevent future unauthorised access.
Account Lockout and Recovery
Why Accounts Get Locked
To protect against brute-force password guessing, AXITRAQ limits login attempts. If too many failed attempts are made from the same IP address, that IP is temporarily locked out.
The current limit is 10 failed login attempts within 15 minutes. This applies to both web and mobile logins.
What Happens During a Lockout
- You will see a message indicating that your account has been temporarily locked due to too many failed attempts.
- The lockout is applied to your IP address, not your user account. Other users at different locations can still log in.
- The lockout lifts automatically after 15 minutes.
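The lockout rule described above (10 failed attempts within 15 minutes, keyed on the IP address, lifting after 15 minutes), sketched as an added example that is not AXITRAQ's code. The class name, the sliding-window counting and the choice to ignore attempts made during a lockout are assumptions; the addresses are documentation-range samples.

```python
from collections import defaultdict, deque

MAX_FAILURES = 10          # limit stated in the manual
WINDOW_SECONDS = 15 * 60   # failures are counted over 15 minutes
LOCKOUT_SECONDS = 15 * 60  # the lockout lifts automatically after 15 minutes


class IpLockout:
    """Tracks failed logins per source IP address, not per user account."""

    def __init__(self):
        self._failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self._locked_until = {}              # ip -> time at which the lockout lifts

    def is_locked(self, ip, now):
        until = self._locked_until.get(ip)
        if until is not None and now >= until:
            del self._locked_until[ip]       # lockout has lapsed
            until = None
        return until is not None

    def record_failure(self, ip, now):
        """Record one failed attempt; return True if this IP is locked out."""
        if self.is_locked(ip, now):
            return True                      # refused during a lockout, not counted
        recent = self._failures[ip]
        recent.append(now)
        # Drop failures that have aged out of the 15-minute window.
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self._locked_until[ip] = now + LOCKOUT_SECONDS
            recent.clear()
            return True
        return False


def simulate():
    """Constructed scenario: ten failures in 90 seconds from one address."""
    guard = IpLockout()
    office, elsewhere = "192.0.2.10", "198.51.100.7"
    results = [guard.record_failure(office, t) for t in range(0, 100, 10)]
    return {
        "locked_on_attempt": results.index(True) + 1,
        "office_locked_at_91s": guard.is_locked(office, 91),
        "other_ip_locked_at_91s": guard.is_locked(elsewhere, 91),
        "office_locked_after_15min": guard.is_locked(office, 90 + LOCKOUT_SECONDS),
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(key, "=", value)
```

Because the counter is keyed on the address, everyone behind the same office network shares one budget of failed attempts, which is why a colleague's typos can lock you out as well.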
Recovering from a Lockout
- Wait 15 minutes. The lockout resets automatically.
- After the lockout period, try logging in again with the correct credentials.
- If you have forgotten your password, use the Forgot Password link on the login page.
- If you continue to have trouble, contact your company administrator for assistance.
Lost Authenticator Access
If you have lost access to your authenticator app and have no remaining backup codes:
- Contact your company administrator or account owner.
- They can reset your 2FA from the user management area (Manage > Users > Edit > [Your Name] > Reset 2FA).
- Once reset, you will be able to log in with just your password.
- Re-enable 2FA immediately after logging in to maintain your account security.
Understanding Data Encryption
What Data Is Encrypted
AXITRAQ uses encryption to protect sensitive employee information. The following types of data are encrypted at rest using customer-level encryption keys:
- Licences and certificates (uploaded documents)
- Qualifications and identification documents
- Signatures
Additionally, the database itself is stored on encrypted storage, and all data in transit between your browser and AXITRAQ is encrypted via HTTPS.
How Encryption Works
AXITRAQ uses AES-256-GCM encryption, managed through AWS Key Management Service (KMS). Each company on the platform has its own unique encryption key. This means:
- Your company's encrypted data can only be decrypted with your company's key.
- Another company on the platform cannot access your data, even at the infrastructure level.
- Encryption and decryption happen automatically when you upload or download sensitive documents. You do not need to take any manual steps.
Your Role in Data Security
While encryption protects data at rest and in transit, you play a role in keeping information secure:
- Do not share your login credentials with anyone.
- Do not download sensitive documents to shared or public computers.
- Always sign out when you are finished, especially on shared devices.
- Report any suspected data breaches to your administrator immediately.
Light and Dark Theme
AXITRAQ supports both light and dark display themes, allowing you to choose the appearance that is most comfortable for your working environment.
Switching Themes
- In the sidebar, locate the Theme toggle. It is represented by a sun and moon icon near the bottom of the sidebar.
- Select the toggle to switch between light and dark mode.
- The change takes effect immediately and is saved to your account, so your preference will persist across sessions and devices.
Dark mode is particularly useful for reducing eye strain in low-light environments or during night shifts.
Signing Out
Signing Out from the Web
Always sign out when you are finished working in AXITRAQ, especially if you are using a shared or public computer.
- In the sidebar, select Sign Out at the bottom of the menu.
- You will be returned to the login page.
- Your session is terminated on the server. Simply closing the browser tab does not sign you out.
When to Sign Out
You should sign out in the following situations:
- When you are done working for the day on a shared workstation.
- When you are stepping away from your computer in a public or open environment.
- When you are handing your device to someone else temporarily.
- When you suspect your session may have been compromised.
If you are on a personal device in a secure environment, you may choose to stay logged in. Sessions expire automatically after 24 hours of inactivity.
Security Best Practices
Here is a summary of recommended habits to keep your AXITRAQ account and your company's data safe:
- Use a strong, unique password. Do not reuse passwords from other services.
- Enable two-factor authentication. This is the single most effective step you can take to secure your account.
- Store your backup codes securely. Treat them like a spare key to your account.
- Review your login history regularly. Look for unexpected activity at least once a month.
- Only trust personal devices. Never mark a shared or public computer as trusted.
- Revoke lost devices promptly. If a trusted device is lost or stolen, revoke it from the Devices tab immediately.
- Sign out on shared computers. Do not rely on closing the browser to end your session.
- Keep your email address current. Your email is used for account recovery and security notifications.
- Report suspicious activity. If something looks wrong, notify your administrator without delay.
- Do not share credentials. Each person should have their own AXITRAQ account.
Frequently Asked Questions

Q: Can I use more than one authenticator app?
A: Your account has one TOTP secret at a time. You can scan the QR code with multiple authenticator apps during setup (before verifying), and all of them will generate valid codes. However, once setup is complete, you cannot add another app without disabling and re-enabling 2FA.

Q: What happens if I get a new phone?
A: If you used the AXITRAQ mobile app, simply log in to the app on your new phone. The app will sync your authenticator automatically. If you used an external authenticator (like Google Authenticator), you will need your backup codes to log in, then disable and re-enable 2FA to set up the new device. Some authenticator apps (like Authy) offer cloud backup, which can transfer your codes automatically.

Q: Does the AXITRAQ mobile app require 2FA to log in?
A: No. The AXITRAQ mobile app on phones (iOS and Android) bypasses 2FA during login because the phone itself is considered a trusted possession factor, especially when combined with biometric unlock (Face ID or fingerprint). Tablets, however, do require 2FA.

Q: Can my administrator see my password?
A: No. Passwords are stored using one-way hashing. No one, including administrators and platform support, can view your password. If you forget it, it must be reset.

Q: How long does a session last?
A: Web sessions last 24 hours. After that, you will be prompted to log in again.

Q: I am an administrator. Can I turn off my own 2FA?
A: If your company's security policy enforces 2FA for administrators and owners, you will not be able to disable it yourself. Contact AXITRAQ platform support if you have a specific need.

Q: What is CSRF protection?
A: Cross-Site Request Forgery (CSRF) protection is a security measure built into every form in AXITRAQ. It prevents malicious websites from making requests on your behalf. You do not need to do anything to benefit from this protection; it works automatically.

Q: Are my audit logs permanent?
A: Yes. All significant actions in AXITRAQ (logins, record changes, deletions) are logged with a timestamp, user ID, and description. Audit logs are retained for compliance purposes and cannot be edited or deleted by any user.

Q: What is soft delete?
A: When records such as jobs, parts, or invoices are deleted in AXITRAQ, they are not permanently removed from the database. Instead, they are marked as deleted (soft delete) and hidden from normal views. This preserves the audit trail and allows recovery if needed. Only platform administrators can manage soft-deleted records.

AXITRAQ Security and Account Manual — Aditech Pty Ltd — 2026-05-07