Skip to main content
All CollectionsHot Topics
Best practices for account security
Best practices for account security
Sasha avatar
Written by Sasha
Updated over a week ago

We at Kriptomat firmly believe that prevention is the key to maintaining account security and keeping anyone from accessing your valuable assets and personal details, therefore, we have compiled a list of steps to take before commencing your cryptocurrency investment journey.


This may sound pretty obvious to most but we’re all human here and we tend to forget the holy grail of online security - passwords. The password that you use to secure any online account is the first and outermost layer of the protective barrier, which means that it holds immeasurable importance.

You will have also heard the good old advice of never using the same password twice, making sure that the password is complex, unique and contains lower and upper case letters, numbers, special characters etc. In 2023, however, we’re willing to bet that the average user will have over 10 different passwords that they use for accounts on multiple platforms and multiple devices. So how does one simplify the process of creating passwords while making sure to still maintain optimal security?

There are countless apps created for just that purpose and they are called password managers. A password manager is like a virtual, high-tech storage unit for all of your passwords, with one Master Password that unlocks the app for you to use. It not only stores all of your passwords but regularly reminds you to update them and allows you to generate the password directly through the app. A popular one you may have even encountered - Dashlane - boasts full data encryption, without ever storing or transmitting your Master Password.

We enthusiastically encourage you to upgrade to a password management system in order to make the process of storing, updating, and remembering passwords less complicated and more organized.

2-factor authentication

Although not as primordial as passwords, 2-factor authentication is a revolutionary second line of defense and we here at Kriptomat never go a day without it. The same applies for our users, whereby each time they log in to their accounts after entering their password, a second code is required in order to access the account.

There are two different types of 2-factor authentication steps that we offer on Kriptomat, the first being via a one-time numeric code sent to your mobile device via SMS or - our personal favorite - Google 2-factor authentication via the Google Authenticator app.

Both of these steps ensure added safety to your account, however, we swear by the Google 2-factor authentication method for the following reasons:

  1. Google Authenticator is an offline operation that generates one-time passwords (OTP) on your device without requiring an internet connection. This reduces the risk of an attack or sensitive data leakage over the network.

  2. SMS OTPs are sent to your mobile phone number, which can fall prey to SIM-swapping attacks. In a SIM swap attack, an attacker convinces your mobile service provider to transfer your phone number to their SIM card, allowing them to intercept your SMS messages, including OTPs. Google Authenticator operates independently of your phone number, eradicating any risk of such an attack.

  3. You can install Google Authenticator on multiple devices, therefore, allowing for greater accessibility of OTPs. Should you not have your phone with you, you can always use Google Authenticator on your laptop. You can also use multiple platforms with the app.

  4. SMS OTP delivery relies on cellular networks, which can sometimes be unreliable or experience delays, especially if you are traveling and your device is in roaming. This can be extremely inconvenient, as it literally prevents you from logging in to your Kriptomat account.

Google 2-factor authentication can be enabled very easily in your Kriptomat account, all you need to do is download the app on your phone and make sure to save the recovery key! If you lose your device and subsequently lose access to your app, this is the key that will enable you to recover all OTPs once you download the app again.

Phishing - an extreme sport

There is no easier way to lose your assets than to fall victim to a phishing attack, and they are everywhere! Phishing attempts can be made via email or text or even on certain websites. If you see an email claiming that you have an unpaid bill, an outstanding warrant or need to upgrade a computer program that you don’t even remember downloading from a suspicious looking email address or number, report this immediately and block the contact!

Never ever - and we mean never - disclose any kind of sensitive information, such as personal information, credit card numbers, bank account numbers, login credentials, or access codes to anybody.

Believe us when we say that no regulations-adhering companies are authorized to request such information from you without properly implementing safety procedures. You are not going to get arrested if you do not pay a parking ticket that [email protected] or a similar email address alerted you about via email. And no payments to any Princes in grave danger living across the ocean - we mean it!

Broker/investment advisor fraud

This one hits home for us. There is no disappointment greater for our team than receiving an email or live chat from a user who has entrusted an individual or company claiming to be a broker or investment advisor with their funds, and subsequently lost it all within the blink of an eye. Kriptomat implements countless of security measures to prevent this from happening, nevertheless, free will is free will; even in the financial services industry. We cannot physically prevent our users from trusting fraudsters, therefore, we aim to educate.

Although we notify every single user upon creation of their account (and unlimited times after) of the following, we urge you to, once more, remember that:

  1. We are not affiliated with any brokers or investment advisors. Working within websites like KontoFX, ProuFX, GiroFX, Libra Markets, Olympia Markets, Grandefex, Bilin Capital, Blix Group, Ismart Group Limited, WDC Markets, AVEX Capital and similar can potentially cause you financial damage. If someone contacts you as a broker or a representative of our company, report this immediately to our team via [email protected].

  2. We will never contact you on your phone number. If someone contacts you, report that phone number to our team via [email protected].

  3. Do not share your Kriptomat account credentials with anyone. We will never ask you to disclose your password with us.

  4. All of our emails are sent from the domain name Do not trust email messages sent from any other domain, such as ".com", ".net", ".org", etc.

Network safety

We always advise extra caution when using public or unsecured WiFi networks, in fact, we discourage it if possible.

Accessing your Kriptomat account while on a public network can lead to its compromise, therefore, we recommend leaving your cryptocurrency investment endeavors for a time when you can access a safe and known connection or use your own mobile data. Anti-virus programs will also further reinforce network safety and are highly obtainable.

We also always encourage our users to monitor their accounts and pay close attention to any executed transactions, which can easily be checked via the account History section. We are here to help should you notice any suspicious activity within your account, all you need to do is drop us a line at [email protected].

Our security procedures are constantly updated and we strive to do the hard work for our users, however, in the financial services industry, one can never be too careful.

We urge all users to stay informed on developments on security procedures, as well as potential threats, on a frequent basis, so that you can continue to flourish in your cryptocurrency investment ventures.


Would you like to see more? We appreciate your valued feedback and would like to hear what Hot Topics in the cryptocurrency realm you would like to explore!

Don’t be shy, drop us your feedback at [email protected], or if you have any other dilemmas. You never know, it might be that your question is the next headline of Hot Topics 🚀 🧑‍🚀

Did this answer your question?