Confirming Sensitive Actions

Why Luma sometimes asks you to confirm a code before certain actions, even when you’re already signed in.

For certain higher-risk actions, Luma asks you to confirm it’s really you with a one-time code — even though you’re already signed in. When this happens, you’ll see a Confirm Access prompt before the action goes through.

This is an extra checkpoint on a small set of actions that could do real harm if someone else got into your account, such as exporting personal data about your guests and members, changing how you sign in, or managing payouts.

How It Works

When you start one of these actions, Luma shows a Confirm Access prompt and sends you a verification code.
If your account has a phone number, the code is sent by text or WhatsApp. Otherwise, it’s emailed to you.
Enter the code to continue.

Once you’ve confirmed, you won’t be asked again for a short window, so you can complete a few of these actions in a row without re-entering a code each time. Codes expire after a while — if yours has, just request a new one.

Why We Do This

Being signed in shows that you logged in at some point — it doesn’t prove the person taking an action right now is you. If someone gained access to a device where you’re already signed in, this step stops them from taking the most damaging actions without also having access to your phone or email.

In other words, it’s a second lock on the actions that would hurt the most if your account were ever compromised, so a stolen session alone isn’t enough.

If the Code Doesn’t Arrive

Phone codes: see SMS / WhatsApp Messages for how to reactivate messages to your number.
Email codes: check your spam folder, and make sure the email on your account is current.

If you’ve recently changed your phone number or email, update it in your account settings so codes reach you.