Settings
Manage your account and API keys
Account Information
No API Keys
Create an API key to use with CLI tools or ShareX.
Create API Key
Save this key! It won't be shown again.
Change Password
Changing your password will re-encrypt your master key. Your images will remain accessible.
Two-factor authentication
Adds a TOTP code (e.g. Google Authenticator, 1Password, Authy) on top of your password at sign-in. Strongly recommended.
Click below to enroll. You'll scan a QR code (or paste a secret) into your authenticator app, then confirm a code to activate MFA.
MFA is active on this account. To disable, you'll need both your password and a current TOTP/backup code.
Scan the QR code with your authenticator app (or paste the manual entry key below if your app can't scan), then enter the 6-digit code it shows to activate MFA. The secret is shown ONCE — back it up now or you'll need to start enrollment over.
Show otpauth URI (for QR-import tools or troubleshooting)
Recovery Phrase
A 24-word phrase that lets you recover access to your encrypted images if you forget your password. Without it, a forgotten password means losing all your images.
Click below to generate your recovery phrase. You'll need your account password to unlock the encryption key first — the phrase is computed in your browser and the server never sees it.
You already have a recovery phrase enrolled. You can rotate it (generate a fresh phrase) below — your old phrase will stop working immediately.
Enter your account password so your browser can unlock the master encryption key (the key the new phrase will wrap).
Quick check: type the words at these positions to confirm you wrote the phrase down. (We can't help if you typed it wrong — please double-check before continuing.)
Active Sessions
Manage your active login sessions across devices
Danger Zone
Permanently delete your account and all associated data:
- All your encrypted images and thumbnails
- All your albums (your sharing links will 404)
- All your API keys (any ShareX/CLI integrations will stop working)
- Your master-key wrap and recovery wrap
Audit log entries are preserved for operator forensics but become anonymized (no longer attributed to your account by FK).
This cannot be undone. By E2EE design, even the operator cannot recover deleted images — the per-image keys live only in your browser.