Logging into your account should be straightforward and secure. Begin by navigating to our official login page and confirm you are on the correct domain to avoid phishing attempts. Enter your registered email or username and the password you created during registration. For enhanced convenience and stronger protection, enable biometric authentication on compatible devices. Biometric login uses local device security to authenticate you without transmitting biometric data to the server.
If you frequently change devices or travel, pay attention to device and location-based authentication prompts. Our systems may flag a login from an unfamiliar location and require additional verification steps such as a one-time code or identity confirmation to maintain account security. These measures temporarily increase friction but substantially reduce the risk of unauthorized access.
Regularly review your account’s security activity and login history from your profile settings. If you see any unknown activities — such as login attempts you did not initiate — follow the immediate steps: change your password, revoke unknown sessions, and contact support. This proactive approach improves account resilience and helps our security team act swiftly when needed.
A strong password is the first line of defense for your account. Use a combination of uppercase and lowercase letters, numbers, and symbols, and avoid common dictionary words or easily guessable sequences. Passwords should be at least twelve characters long when possible, and they should be unique to our site — do not reuse the same password across multiple services.
Consider using a reputable password manager to generate and store complex passwords securely. A password manager can also help you detect reused passwords across services and facilitate safer credential rotation. When updating your password, avoid predictable modifications such as appending sequential numbers to a previously used password.
If you suspect your password has been compromised, immediately update it and enable two-factor authentication. Additionally, review connected payment methods and recent transactions for unauthorized changes. Prompt action reduces the chance of malicious actors completing transactions or accessing personal information tied to your account.
Two-factor authentication significantly enhances account security by requiring a second proof of identity in addition to your password. We support time-based one-time passwords (TOTP) via authenticator apps, which provide rotating codes that are resilient against basic interception. While SMS-based codes are available as a secondary option, authenticator apps are generally recommended due to higher security and resistance to SIM-swapping attacks.
During setup, store backup recovery codes in a secure offline location. If you ever lose access to your authenticator device, those backup codes allow account recovery through our verification flow. Never share your 2FA codes or backup codes with anyone, including people who claim to be support staff — official support will never request your 2FA codes.
Phishing is a common tactic used to steal credentials. Be cautious of emails, messages, or web pages that request your password, 2FA code, or financial details. Our official communications will come from verified addresses and will never ask you to transmit your password or full card details via unsecured channels.
Always inspect URLs before entering credentials, verify any email headers if unsure, and avoid clicking links from untrusted messages. If you receive a suspicious message that appears to be from us, do not interact with it and report it to our support team. We will verify the communication and guide you on any necessary protective steps.
Check active sessions and device access in your security settings. You can sign out devices remotely and invalidate tokens to force re-authentication. Maintaining this habit is important after traveling, changing devices, or if you think your account may be at risk.
If you frequently use multiple devices, consider naming devices in your session list for clarity and revoke any that are unfamiliar. Keeping a small list of trusted devices reduces the cognitive load when reviewing sessions and helps you spot anomalies quickly.
Immediately change your password, revoke active sessions, enable or review 2FA, and contact support to investigate and secure your account.
SMS codes provide some protection but are vulnerable to SIM-swapping. Authenticator apps are recommended for stronger security.
Verify the sender domain, check for personalized content that matches your account, and avoid clicking links in unexpected emails. When in doubt, access your account directly through the official site.
No. Official support will never request your password or 2FA codes. Provide only necessary verification details through official secure channels.
