diff --git a/app/templates/views/security.html b/app/templates/views/security.html
index 25a15226c..49b133b43 100644
--- a/app/templates/views/security.html
+++ b/app/templates/views/security.html
@@ -44,9 +44,20 @@
       <li>protective monitoring to record activity, and raise alerts about any suspicious activity</li>
       <li>using JSON Web Tokens, to avoid sending API keys when your service talks to Notify</li>
     </ul>
-
-    <h2 class="heading-medium">User permissions</h2>
+    
+    <h3 class="heading-small">Protect sensitive information</h3>
+    <p>Some messages include sensitive information like security codes or password reset links.</p>
+    <p>If you’re sending a message with sensitive information, you can choose to hide those details on the Notify dashboard once the message has been sent. This means that only the message recipient will be able to see that information.</p>
+    
+    <h2 class="heading-medium">User permissions and signing in</h2>
     <p>You can set different user permissions in Notify. This lets you control who in your team has access to certain parts of the service.</p>
+    <h3 class="heading-small">Two-factor authentication</h3>
+    <p>To sign in to Notify, you’ll need to enter:</p>
+    <ul class="list list-bullet">
+      <li>your email address and password</li>
+      <li>a text message code that Notify sends to your phone</li>
+    </ul>
+    <p>If receiving text messages at work is a problem for your team, <a href="https://www.notifications.service.gov.uk/">contact us</a> about using an email link instead.</p>
 
     <h2 class="heading-medium">Information risk management</h2>
     <p>Our approach to information risk management follows National Cyber Security Centre (NCSC) guidance. It assesses:</p>