Talent account security
What you control to keep your WeRemoteIT talent account safe. Platform protections (database rules, API checks) are run by our team — your job is session and identity hygiene.
Bottom line
Use a real email + email 2FA. Link Telegram to that account. Run /sync_profile after linking. Sign out on shared devices. Never share magic login links.
Do this today
| Action | Why |
|---|---|
Real email signup (not only tg_*@weremoteit.com) | Recover access if you lose Telegram; the tg_* address is not a real inbox. |
| 2FA on your email | Password resets go to your inbox — protect it. |
| Unique strong password (even with Google login) | Backup sign-in if OAuth has issues. |
| Link Telegram to your portal account | Bot menu → Open Web App → sign in with real email → “Linked to Telegram” → send /sync_profile in the bot. |
Telegram Desktop: Type commands like /sync_profile in the message field and send — grey code blocks often copy instead of run.
Every time you use the bot or portal
- Never share magic links, browser-login links, or one-time tokens
- Close the Mini App after sensitive work
- Sign out on shared devices
- Run
/sync_profileafter linking or email changes - Run
/diagnoseif something feels wrong (read-only)
Red flags — stop and contact support
- Jobs or applications you did not submit
- Emails about messages you did not send
/diagnoseshows multiple profiles or someone else’s data- Bot says Telegram is linked to another account
Contact support@weremoteit.com or type support in the bot. Do not keep using a session you do not trust.
Quick reference
| Goal | Steps |
|---|---|
| Safe signup | Real email → unique password → email 2FA |
| Telegram + portal | Open Web App → sign in → link → /sync_profile |
| Lost Telegram | Portal email/password login → re-link new Telegram from bot |
| Shared device | Sign out when done |
What we handle (not your job)
Database access rules, API authorization, webhook security, and secret rotation — you do not configure these. Your focus is protecting your login session.
What we do not do automatically
- Force logout after every idle period
- Block “impossible travel” logins
- Check your password against breach lists
- Email you on every new device login
Use a password manager + email 2FA + manual sign-out for stronger personal protection.
More detail: Support · Telegram linking (operators): repo docs/telegram-linkage.md