Securing your account

Use strong, unique passwords

Current OWASP recommendations include:

  • A password length of at least 10 characters
  • Using different cases, special characters, numbers, etc.
  • Using long pass-phrases consisting of several random dictionary words
  • Choosing a unique password not used on any other website

Enable Google Authenticator 2FA

Two-factor authentication (2FA) is a method of verifying a user’s identity by asking for two independent pieces of proof. On Xena Exchange, 2FA is implemented with the Google Authenticator application. To perform any sensitive operation, such as withdrawals, a hacker would have to:

  1. Know your login and password to log in to the platform and initiate the operation.
  2. Have access to the unique six-digit code that is valid for one minute and that is randomly generated by an application installed on your smartphone.

Configure 2FA on the Security Settings page of your Xena Exchange account:

  1. Install the Google Authenticator application (Android or iOS).
  2. Click the "Disabled" warning on "Two-factor authentication for sensitive operations".
  3. Follow the instructions.

IMPORTANT: Please write down the code as suggested by the instructions and keep the hard copy in a secure location. It will be required if you lose your smartphone and you need to recover access to your account.

There are two independent processes used with 2FA:

  • Sensitive operations (withdrawals, trusted addresses, password changes, and account recovery)
  • Logging in

Both of these functions use the same 2FA setup, so once you configure your Google Authenticator for one of the functions, you can use the same code for the second.
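
How a Google Authenticator code is derived and checked, as an added example that is not Xena Exchange's code: the app implements TOTP (RFC 6238, HMAC-SHA1, 30-second time steps), so each six-digit code is computed from the secret shared at setup and the current time. The secret below is the RFC 6238 test key, and the `verify` function with its acceptance window and replay check is a hypothetical server-side check, not the platform's documented behaviour.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (Google Authenticator default)
DIGITS = 6   # the six-digit code described above

# Constructed sample: Base32 of the RFC 6238 test key "12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time):
    """Return the RFC 6238 (HMAC-SHA1) code for the given Unix time."""
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32, submitted, unix_time, last_used_step=-1, drift_steps=1):
    """Hypothetical server-side check: return the matched step or None.

    Assumption: the current step plus `drift_steps` earlier ones are accepted
    (about one minute with the defaults), and a step at or before
    `last_used_step` is refused so an observed code cannot be replayed.
    """
    current = unix_time // STEP
    for step in range(current, current - drift_steps - 1, -1):
        if step <= last_used_step:
            continue
        # Constant-time comparison of the expected and submitted digits.
        if hmac.compare_digest(totp(secret_b32, step * STEP), submitted):
            return step
    return None


if __name__ == "__main__":
    t = 1111111111
    old = totp(SAMPLE_SECRET, t - STEP)
    print(totp(SAMPLE_SECRET, t))                    # code for the current step
    print(verify(SAMPLE_SECRET, old, t))             # previous step still accepted
    print(verify(SAMPLE_SECRET, old, t, last_used_step=t // STEP - 1))  # replay refused
```

Because every code is a function of the secret and the clock, anyone holding the secret can produce valid codes, which is why the setup secret and any backup of it need the same protection as the password.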

Never share passwords or 2FA codes

Never disclose the password of your account or 2FA codes to anyone, including those claiming to be Xena Exchange support. Our support team will never ask for your password.