Your Security Responsibilities
XamanProtocol implements strong platform-side security (encrypted databases, HTTPS, rate limiting, etc.). However, the most common account compromises happen at the user level through weak passwords, phishing, or credential reuse. Your security practices are equally important.
Password Security
- Use a password of at least 12–16 characters
- Include uppercase, lowercase, numbers, and symbols
- Never reuse passwords from other websites
- Store your password in a reputable password manager
- Change your password immediately if you suspect compromise
Enable Two-Factor Authentication
2FA adds a code requirement on top of your password for every login. Even if someone steals your password, they cannot log in without your 2FA device.
Setup: Dashboard → Settings → Security → Enable 2FA
Use an authenticator app (Google Authenticator, Authy, 1Password) — not SMS-based 2FA, which can be compromised via SIM-swap.
Recognizing Legitimate XamanProtocol Communications
Official XamanProtocol communications:
- Come from verified platform email domains
- Never ask for your password
- Never ask for your 2FA code
- Never ask for your private keys or seed phrases
- Never ask you to 'verify' your account by entering credentials via a link
If you receive any communication that asks for the above, it is a phishing attempt. Do not click any links — go directly to the platform by typing the URL.
What to Do If Compromised
If you believe your account has been accessed without your authorization:
- Immediately change your password from a secure device.
- Navigate to Settings → Security → Active Sessions and revoke all sessions.
- Change your email account password as well.
- Enable 2FA if you haven't already.
- Contact support immediately and report the incident.
- Check your activity feed for any unauthorized withdrawals or staking changes.