Configuration
Settings: Security
5 min read
What it is
Security controls: change password, enable MFA (TOTP), view active sessions, audit log, login alerts, IP allowlist.
How to think about it
Security is non-optional. Enable MFA the moment you start trading real money.
Step-by-step
-
Change password
Current password + new password (min 12 chars, mixed case, numbers, symbols). Forces re-login on all devices.
-
Enable MFA
Setup MFA → scan QR with Google Authenticator/Authy/1Password → enter 6-digit code. From now on, login requires password + 6-digit code.
-
Active sessions
List of devices currently logged in with IP and last activity. Revoke any suspicious session.
-
Audit log
Last 90 days of security-sensitive actions: logins, password changes, API key changes, withdrawal address changes. Filterable.
-
Login alerts
Email or Telegram alert on every new login from an unrecognized device.
-
IP allowlist
Optional: restrict logins to specific IP addresses. For paranoid security.
Tips & pitfalls
- MFA is the single biggest security upgrade. 99% of account compromises are blocked by it.
- Use a hardware authenticator (Yubikey) for max security if your tier supports it.
- Review the audit log monthly — anything you don't recognize gets a password reset.
- Treat your account password like exchange API keys — never reuse.