Overview

CoinTrail provides robust security features to protect user accounts, including two-factor authentication (2FA), session management, and login activity monitoring.

Security Features

• Two-Factor Auth - TOTP-based 2FA using authenticator apps
• Recovery Codes - Backup codes for account recovery
• Secure Passwords - Bcrypt hashing with minimum requirements
• Password Reset - Secure email-based password recovery

Two-Factor Authentication (2FA)

Two-factor authentication adds an extra security layer by requiring a time-based code from your phone in addition to your password.

Supported Authenticator Apps

• Google Authenticator - iOS and Android
• Microsoft Authenticator - Feature-rich with backup options
• Authy - Cross-device sync and encrypted backups
• Any TOTP App - Any app supporting TOTP standard

Enabling 2FA

1. Go to Profile Menu > Security or visit /user/security
2. Click Enable Two-Factor Authentication
3. Scan the QR code with your authenticator app
4. Enter the 6-digit verification code
5. Download and securely store your recovery codes

Disabling 2FA

1. Go to Security Settings at /user/security
2. Click "Disable 2FA"
3. Enter your password to confirm

Password Security

Password Requirements

CoinTrail enforces strong password requirements:

• Minimum 8 characters
• At least one uppercase letter
• At least one lowercase letter
• At least one number
• Special characters recommended

Changing Password

1. Go to your Profile page and select the Password tab
2. Enter your current password
3. Enter your new password
4. Click Change Password to save

Account Recovery

Lost Password

1. Go to login page and click "Forgot Password"
2. Enter your email address
3. Check email for reset link (valid 60 minutes)
4. Click link and create new password

Lost 2FA Access

1. Use one of your saved recovery codes at login
2. Once logged in, disable 2FA in Security Settings
3. Set up 2FA again with your new device and save new recovery codes