Help CenterSecurity
Security6 min read

Account Security

Comprehensive guide to securing your XamanProtocol account against unauthorized access.

Your Security Responsibilities

XamanProtocol implements strong platform-side security (encrypted databases, HTTPS, rate limiting, etc.). However, the most common account compromises happen at the user level through weak passwords, phishing, or credential reuse. Your security practices are equally important.

Password Security

  • Use a password of at least 12–16 characters
  • Include uppercase, lowercase, numbers, and symbols
  • Never reuse passwords from other websites
  • Store your password in a reputable password manager
  • Change your password immediately if you suspect compromise

Enable Two-Factor Authentication

2FA adds a code requirement on top of your password for every login. Even if someone steals your password, they cannot log in without your 2FA device.

Setup: Dashboard → Settings → Security → Enable 2FA

Use an authenticator app (Google Authenticator, Authy, 1Password) — not SMS-based 2FA, which can be compromised via SIM-swap.

Recognizing Legitimate XamanProtocol Communications

Official XamanProtocol communications:

  • Come from verified platform email domains
  • Never ask for your password
  • Never ask for your 2FA code
  • Never ask for your private keys or seed phrases
  • Never ask you to 'verify' your account by entering credentials via a link

If you receive any communication that asks for the above, it is a phishing attempt. Do not click any links — go directly to the platform by typing the URL.

What to Do If Compromised

If you believe your account has been accessed without your authorization:

  1. Immediately change your password from a secure device.
  2. Navigate to Settings → Security → Active Sessions and revoke all sessions.
  3. Change your email account password as well.
  4. Enable 2FA if you haven't already.
  5. Contact support immediately and report the incident.
  6. Check your activity feed for any unauthorized withdrawals or staking changes.

Frequently Asked Questions

How do I revoke active sessions?+
Go to Dashboard → Settings → Security → Active Sessions. You can revoke individual sessions or sign out from all devices at once.
What if I lose my 2FA device?+
Contact support immediately. You will need to verify your identity through alternative methods to regain account access. This is why saving 2FA backup codes is critical.
Does XamanProtocol lock my account after failed login attempts?+
Yes. Multiple failed login attempts trigger a temporary account lock to prevent brute-force attacks.

More in Security

Didn't find what you were looking for?