Skip to main content

What can we help you with?

Something seems different? We are busy implementing product changes based on your feedback! While we’re working on updating our Help Center, some information in this article might be temporarily out of date. Find out what’s new here.

Suspicious login activity and security tokens

This article explains how Personio protects your account from suspicious login activity. It also explains security tokens and what to do if your account becomes blocked. 

Understand suspicious login activity

Suspicious login activity refers to unusual attempts to access your Personio account. Personio watches for this activity and might block your account or IP address to keep your data safe. There are three types of suspicious events that trigger action:
  • Entering the wrong login credentials three times: this blocks your account.
  • Login attempts from different browsers or IP addresses: this blocks your account.
  • Multiple failed login attempts from the same IP address: this blocks the IP address.

Unblock your account

If your account becomes blocked, here's how to get back into it:

Scenario 1: you enter the wrong login credentials three times, and your account becomes blocked

If you enter the wrong login credentials three times, Personio blocks your account. To unblock it, you have two options:

  • Option 1: reset your password by clicking Forgot Password on the login page and log in again.
  • Option 2: use the unblock email that Personio sends you. The email includes the device IP address, login location, and an unblock button. Click the button and enter your current password to log in.

Scenario 2: Personio detects unusual login activity and blocks your account

If Personio notices unusual login activity, it blocks your account. You receive an email with a security token. Use this token to log in.

Scenario 3: Personio blocks your IP address

Personio blocks the IP address after multiple failed login attempts. If this happens, you don't receive a security token or unblock email. Instead, you need to contact your Administrator to resolve the issue. The Administrator needs to then contact Personio Support to unblock the IP address.

Understand and use security tokens

Security tokens add extra protection to your account. They are one-time codes Personio sends to your email when it detects certain types of suspicious activity. The token expires after 20 minutes. You need this token and your password to log in. You can't turn off this functionality.

Tip:
To avoid unnecessary security token emails, save Personio cookies in your browser. Add *.personio.com to your browser's cookie allowlist. For example, in Chrome, go to chrome://settings/cookies and add *.personio.com.

Log in using a security token

  1. Open the email containing the security token.
  2. Enter the one-time code during the login process.
  3. After entering the security token, you return to the main login page. Enter your email and current password again to complete the login.

Note:
If you get a security token email and don't recognize the activity, you should reset your password.

Help us improve. Is this page helpful?