Skip to main content

Security Settings

Protect your Ethikal account with strong security measures and best practices.

Password Security

Change Password

  1. Go to Account Settings > Security
  2. Click Change Password
  3. Enter current password
  4. Enter new password
  5. Confirm new password
  6. Click Update Password

Password Requirements:

  • ✓ Minimum 12 characters
  • ✓ At least one uppercase letter
  • ✓ At least one lowercase letter
  • ✓ At least one number
  • ✓ At least one special character
  • ✓ Not previously used
  • ✓ Not a common password

Password Strength:

New Password: [________________]

Strength: ▓▓▓▓▓▓▓▓░░ Strong

✓ Long enough
✓ Has uppercase
✓ Has lowercase
✓ Has numbers
✓ Has special characters
⚠ Consider adding more variety

Password Best Practices

Do:

  • ✅ Use a unique password
  • ✅ Use a password manager
  • ✅ Change regularly (every 3-6 months)
  • ✅ Mix characters, numbers, symbols
  • ✅ Make it at least 16 characters

Don't:

  • ❌ Reuse passwords
  • ❌ Use personal information
  • ❌ Share your password
  • ❌ Write it down (except secure vault)
  • ❌ Use dictionary words

Two-Factor Authentication (2FA)

Enable 2FA

Highly Recommended for account security!

Using Authenticator App

  1. Click Enable 2FA
  2. Download authenticator app:
    • Google Authenticator
    • Authy
    • Microsoft Authenticator
    • 1Password
  3. Scan QR code
  4. Enter 6-digit code
  5. Save recovery codes
Enable 2FA
━━━━━━━━━━━━━━━━━━━

Step 1: Scan QR Code

┌─────────────┐
│ [QR  CODE]  │
│             │
│             │
└─────────────┘

Or enter key manually:
ABCD 1234 EFGH 5678 IJKL 9012

Step 2: Enter Code

Code: [______]

[Cancel] [Enable 2FA]

Using SMS

  1. Click Enable SMS 2FA
  2. Enter phone number
  3. Receive verification code
  4. Enter code
  5. Confirm

Note: Authenticator apps are more secure than SMS.

Recovery Codes

Important: Save these codes!

Recovery Codes
━━━━━━━━━━━━━━━━━━━

Use these if you lose access to your
authenticator app. Each code can be
used only once.

1. A1B2-C3D4-E5F6
2. G7H8-I9J0-K1L2
3. M3N4-O5P6-Q7R8
4. S9T0-U1V2-W3X4
5. Y5Z6-A7B8-C9D0
6. E1F2-G3H4-I5J6
7. K7L8-M9N0-O1P2
8. Q3R4-S5T6-U7V8
9. W9X0-Y1Z2-A3B4
10. C5D6-E7F8-G9H0

[Download] [Print] [Copy All]

⚠️ Store these in a safe place!

Storage Options:

  • Password manager
  • Encrypted file
  • Safe deposit box
  • Secure physical location

Manage 2FA

Two-Factor Authentication
━━━━━━━━━━━━━━━━━━━━━━━━

Status: ✓ Enabled
Method: Authenticator App
Enabled: Dec 6, 2025

[View Recovery Codes]
[Change Method]
[Disable 2FA]

Backup Methods:
• SMS to •••-•••-1234 [Remove]
• Email to u•••@example.com [Remove]

[Add Backup Method]

Active Sessions

View Sessions

See all devices where you're logged in:

Active Sessions
━━━━━━━━━━━━━━━━━━━

This Device
MacBook Pro • Chrome • macOS
San Francisco, CA • 192.168.1.100
Last active: Now
[End Session]

iPhone 14 Pro
Mobile • Safari • iOS 17
San Francisco, CA • 192.168.1.101
Last active: 5 minutes ago
[End Session]

Windows PC
Desktop • Edge • Windows 11
New York, NY • 203.0.113.42
Last active: 2 hours ago
⚠️ Unfamiliar location?
[End Session]

[End All Other Sessions]

Security Recommendations

Review Regularly:

  • Check active sessions weekly
  • End unknown sessions immediately
  • Look for suspicious locations
  • Verify device types

If You See Suspicious Activity:

  1. End that session immediately
  2. Change your password
  3. Enable 2FA if not already
  4. Review recent account activity
  5. Contact support if needed

Login History

Recent Logins

Track all login attempts:

Login History
━━━━━━━━━━━━━━━━━━━

✓ Successful Login
Dec 6, 2025 at 2:34 PM
Chrome on macOS • San Francisco, CA
IP: 192.168.1.100

✓ Successful Login
Dec 6, 2025 at 9:15 AM
Safari on iOS • San Francisco, CA
IP: 192.168.1.101

✗ Failed Login
Dec 5, 2025 at 11:47 PM
Chrome on Windows • Unknown Location
IP: 203.0.113.99
⚠️ Suspicious activity

✓ Successful Login
Dec 5, 2025 at 6:22 PM
Chrome on macOS • San Francisco, CA
IP: 192.168.1.100

[View All] [Export History]

Failed Login Alerts

Automatic Alerts for:

  • Multiple failed login attempts
  • Login from new location
  • Login from new device
  • Unusual login times

Security Notifications

Alert Preferences

Security Alerts
━━━━━━━━━━━━━━━━━━━

Email Alerts:
☑ Login from new device
☑ Password changes
☑ 2FA changes
☑ Failed login attempts (3+)
☑ Account settings changes
☑ New wallet connected
☑ Large data value transactions

SMS Alerts:
☑ Password changes
☑ 2FA disabled
☐ Login from new device
☐ Failed login attempts

Push Notifications:
☑ Password changes
☑ 2FA changes
☐ Login from new device

Account Recovery

Recovery Methods

Set up multiple recovery options:

Account Recovery Options
━━━━━━━━━━━━━━━━━━━━━━━

Primary Email
u••••@example.com ✓ Verified
[Change]

Recovery Email
backup@example.com ✓ Verified
[Change] [Remove]

Phone Number
+1 •••-•••-1234 ✓ Verified
[Change] [Remove]

Recovery Codes
10 unused codes
[View Codes]

[Add Recovery Method]

Recovery Process

If you lose access to your account:

  1. Go to login page
  2. Click Forgot Password?
  3. Enter email or username
  4. Check email for recovery link
  5. Follow instructions
  6. Set new password
  7. Re-enable 2FA if needed

Required for Recovery:

  • Access to recovery email, OR
  • Recovery codes, OR
  • Phone number with SMS

Privacy & Security

Connected Applications

Review third-party app access:

Connected Applications
━━━━━━━━━━━━━━━━━━━━━

Privacy Analytics Tool
Access: Read privacy data
Granted: Dec 1, 2025
Last used: 5 hours ago
[Revoke Access]

NFT Gallery
Access: Read NFT collection
Granted: Nov 28, 2025
Last used: Yesterday
[Revoke Access]

Data Export Tool
Access: Read all data
Granted: Nov 15, 2025
Never used
[Revoke Access]

[Review All Apps]

API Key Security

Best Practices:

  • Rotate keys regularly
  • Use test keys for development
  • Never commit keys to code
  • Restrict key permissions
  • Monitor key usage
API Key Usage
━━━━━━━━━━━━━━━━━━━

sk_live_abc123...xyz789

Last 24 Hours:
• 247 requests
• 0 errors
• All from 192.168.1.100

⚠️ Unusual activity detected:
• 50 requests from new IP
• Review and rotate key?

[View Details] [Rotate Key]

Security Checklist

Essential Security

  • Strong, unique password set
  • Two-factor authentication enabled
  • Recovery codes saved securely
  • Recovery email verified
  • Active sessions reviewed
  • Login history checked

Advanced Security

  • Password manager in use
  • Hardware wallet for NFTs
  • API keys rotated regularly
  • Connected apps reviewed
  • Security alerts enabled
  • Backup 2FA method added

Best Practices

  • Review security monthly
  • Update password quarterly
  • Monitor login attempts
  • Check for suspicious activity
  • Keep recovery info current
  • Use different passwords

Security Recommendations

Based on Your Account

Security Score: 87/100
━━━━━━━━━━━━━━━━━━━━━━━

✓ Password: Strong
✓ 2FA: Enabled
✓ Recovery: Set up
⚠ Last password change: 4 months ago

Recommendations:
1. Change your password (overdue)
2. Add backup 2FA method
3. Review connected apps
4. Enable all security alerts

[Improve Security]

Reporting Security Issues

Found a Vulnerability?

Responsible Disclosure:

  1. Email: security@ethikal.com
  2. Include detailed description
  3. Provide steps to reproduce
  4. Don't publicly disclose
  5. Allow time for fix (90 days)

Bug Bounty Program:

  • Report vulnerabilities
  • Earn rewards
  • Help improve security
  • Details: ethikal.com/security

Next Steps

  1. Enable 2FA - If not already
  2. Review Profile
  3. Manage OAuth
  4. Privacy Settings

Protect your account with strong security practices!