Altitude accounts and workspaces use an enterprise security model with multiple credentials per account and self-custodial workspace authorization. Newer accounts and workspaces are on this model from the start; older ones complete a one-time upgrade.
Workspaces are self-custodial: only their own members can authorize changes, including the upgrade itself. Altitude can't run the upgrade for you.
An admin is a team member with full Propose, Approve, and Submit rights. Whether one admin can carry a proposal through alone depends on the workspace's Approval Threshold. The steps below note which right is needed at each point.
Who needs to upgrade
The enterprise security model became the default for new accounts and workspaces in May 2026.
Newer workspaces: no action. Workspaces created on or after May 4, 2026 are already on the new model.
Older workspaces: complete the one-time upgrade. It has two parts: a personal upgrade for each team member with an older account (prompted at next sign-in), and a workspace upgrade submitted from Settings → Security.
Newer member accounts: no personal upgrade needed, even in an older workspace.
What enterprise security includes
Each personal account is protected by three credentials with distinct roles:
Primary key (passkey or security key). The main credential used to sign in and to authorize workspace actions. Use either a passkey (stored on your device or in a password manager, unlocked with Touch or Face ID) or a hardware security key like a YubiKey.
Primary email (two-factor authentication). A second factor used at sign-in and, more importantly, when approving payments, transactions, and other security-sensitive actions. Always required alongside the primary key if no session exists.
Recovery email. A backup address used to regain access if the primary email is lost or its domain is compromised. Must be on a different domain than the primary email (for example, a personal address rather than a work alias) so a single domain compromise doesn't affect both.
These layers protect against single-point faliure. A hacked primary email isn't enough on its own, since an attacker would still need the primary key on the team member's device or access to the recovery email. And losing the primary email doesn't lock the account out: the passkey and or the recovery email is enough to recover.
Upgrade your account
If your account is on the old model, you'll be prompted to complete a short setup the next time you sign in. It takes about two minutes.
You'll be asked to:
Set up a primary key. Create a passkey on your device or in a password manager, or register a hardware security key like a YubiKey.
Add a recovery email and verify it with a 6-digit code sent to that address.
Your existing email automatically becomes your 2FA. Altitude sends verification codes to it when you approve actions, so no separate setup is needed.
Note: Setup requires a passkey-capable device, a password manager, or a hardware security key.
Upgrade your workspace
The workspace upgrade runs through the standard proposal flow. Find it in Settings → Security, alongside your Approval Threshold.
The flow:
A team member with Propose rights presses Start upgrade, creating the proposal.
Members with Approve rights press Approve until the Approval Threshold is met.
Once the Approval Threshold is met it will take a few hours to prepare the upgrade. Once your workspace is ready, you’ll see a “Finish upgrade” button appear. Please come back and click it to complete the upgrade, which is only available to members with Submit rights.
The proposal expires about a week after creation. If it expires, a Propose-rights member can start a new one from the same page. The workspace upgrade doesn't wait on every member's personal upgrade.
What happens to pending proposals
When the workspace upgrade is submitted, all pending actions (workspace settings, payments and treasury actions) are canceled. Any that are still needed must be re-created after the upgrade and approved fresh under the new authorization.
Activity during the upgrade
While the workspace upgrade is pending, the following actions are paused:
Member and approval settings
Swaps
Transfers between accounts with different currencies
Same-currency transfers and the rest of the app remain available.
Troubleshooting
Your recovery email is on the same domain as your primary. Use a personal address or another work domain.
Need more information? For questions, contact [email protected] ✉️