How do I make my account more secure?

Cryptopia accounts are accessed by logging in using a registered Email Address, Password and a unique dynamic 6 digit Two Factor Authentication (2FA) Email Code, which will be sent to your registered 2FA email address. When setting up your account, we strongly recommend you follow the instructions below to secure your account from unauthorised access:

#1. Set a strong Password


Cryptopia has strict minimum password requirements for the security of user accounts, and these are case sensitive. Your password must be at least 8 characters long, and include at least one of each of the following characters: 
  • 1 Uppercase letter, 
  • 1 lowercase letter, 
  • 1 special character, and 
  • 1 number.
PLEASE NOTE:  Use a unique Password which is specific to your Cryptopia account. The more complicated your password is, the more secure.

Cryptopia support staff CAN NEVER VIEW your password, so never ask us, or tell us, what your password is.


#2. Set up a dynamic Two Factor Authentication (2FA) and set a different Two Factor Authentication (2FA) for every action.


All Cryptopia accounts start with a unique dynamic 6 digit Two Factor Authentication (2FA) Email Code, which will be sent to your registered 2FA email address.


We strongly recommend that all users set up dynamic Two Factor Authentication via an Authentication Application (such as Google Authenticator or Authy) or use a Cryptopia Authentication Device as the most secure forms of 2FA are timed dynamic codes, which constantly change and are sent via the application. Please see this article on the Help Centre that has instructions on how to set these up.



Our article 'What is Two Factor Authentication (2FA) and how do I set it up?' illustrates how to change your 2FA settings.

PLEASE NOTE: 2FA is set for Login as well as a number of other account activities by default: Settings (Security), Lockout, Withdraw, Transfer, and Tip. We recommend setting a different 2FA for each action. 


#3. Use a Unique Email Address


Keeping your email account secure is one of the most important security factors. Your email account can provide account access and information.

 A number of important emails are sent from Cryptopia to your registered email address with information relating to activity on your account (logins, failed login attempts, withdraw confirmations etc). They often include links giving you the ability to quickly lock your account for a 24 hour period if you receive notification of activity that was not generated by you.

Cryptopia recommends:
  • using a unique email address which you have not used on any other sites or services, as this is how your account can be identified and potentially exploited by other people. 
  • it must be a permanent email address that you have reliable access to as you will be sent emails relating to activity on your account.
  • use an email provider that supports 2FA on your email account. Please check if your current provider supports 2FA and if so, enable it.
You can identify if your email address (and possibly information and credentials associated with it) have been leaked, on sites that search for known leaks. An example of a search site is https://haveibeenpwned.com/.


#4. Add extra features


There are extra measures you can take to ensure the security of your account. Enabling 'Address Book Withdraw Only' means that only addresses that you have added through your Security page can be withdrawn to. Our article  'How do I use a Withdraw Address Book' shows how to set this up.

securityyyyy.PNG 236.88 KB
PLEASE NOTE: NEVER tick the box to disable your Withdraw Email Confirmation.

Your Settings page will also allow you to add a feature that  ensures you are notified each time your account is successfully logged on to.

settings.PNG 80.22 KB

Other tips and tricks
  • Avoid using shared or public devices and networks to access online services.
  • Always log yourself out after completing your activities.
  • Keep your personal computer and devices secured when they are not in use.
  • Familiarise yourself with the security functionality of each service (for example, Cryptopia), before using it with significant funds.
  • Never tell anyone your passwords.
  • Be aware of phishing scams listed in our 'Is Cryptopia Safe' article.
  • If you ever have any concern that your information may be known to unauthorised parties, please immediately change password and 2FA setting for each service you use.
  • If you believe your account has been compromised, please see this article on what to do 'What do I do if I think my account has been compromised?'