Configuration

Settings: Security

5 min read

What it is

Security controls: change password, enable MFA (TOTP), view active sessions, audit log, login alerts, IP allowlist.

How to think about it

Security is non-optional. Enable MFA the moment you start trading real money.

Step-by-step

  1. Change password

    Current password + new password (min 12 chars, mixed case, numbers, symbols). Forces re-login on all devices.

  2. Enable MFA

    Setup MFA → scan QR with Google Authenticator/Authy/1Password → enter 6-digit code. From now on, login requires password + 6-digit code.

  3. Active sessions

    List of devices currently logged in with IP and last activity. Revoke any suspicious session.

  4. Audit log

    Last 90 days of security-sensitive actions: logins, password changes, API key changes, withdrawal address changes. Filterable.

  5. Login alerts

    Email or Telegram alert on every new login from an unrecognized device.

  6. IP allowlist

    Optional: restrict logins to specific IP addresses. For paranoid security.

Tips & pitfalls

  • MFA is the single biggest security upgrade. 99% of account compromises are blocked by it.
  • Use a hardware authenticator (Yubikey) for max security if your tier supports it.
  • Review the audit log monthly — anything you don't recognize gets a password reset.
  • Treat your account password like exchange API keys — never reuse.