Why Account Security Matters
XamanProtocol holds your crypto assets on your behalf. If someone gains unauthorized access to your account, they could request withdrawals, change account settings, or compromise your funds. Strong security practices are your first and most important defence.
Use a Strong, Unique Password
Your password should be:
- At least 12 characters long
- A mix of uppercase, lowercase, numbers, and symbols
- Not used on any other website or service
- Not based on personal information (name, birthday, etc.)
Use a password manager (Bitwarden, 1Password, or similar) to generate and store a strong unique password.
Enable Two-Factor Authentication
2FA adds a second layer of protection beyond your password. Even if someone obtains your password, they cannot log in without your 2FA device. Enable it at Dashboard → Settings → Security. We strongly recommend using an authenticator app (Google Authenticator, Authy) rather than SMS-based 2FA.
Recognize Phishing Attempts
Phishing is when attackers impersonate XamanProtocol to steal your credentials. Always:
- Check the URL is exactly xamanprotocol.com or your platform domain
- Never click links in unsolicited emails claiming to be from XamanProtocol
- XamanProtocol will NEVER ask for your password, 2FA code, or private keys via email or support chat
- When in doubt, open the platform by typing the URL directly in your browser
Secure Your Email Account
Your email account is the recovery key for your XamanProtocol account. If someone accesses your email, they may be able to reset your password. Secure your email with a strong password and 2FA as well.