Manage and monitor all devices that access your trading account for enhanced security
Device management is a crucial aspect of account security that allows you to monitor and control which devices can access your trading account. By properly managing your devices, you can prevent unauthorized access and quickly identify suspicious activity.
Our system creates a unique fingerprint for each device that accesses your account, allowing us to recognize returning devices and flag new ones.
When you log in, our system collects various characteristics about your device to create a unique fingerprint. This includes your browser type and version, operating system, screen resolution, timezone, language settings, and installed plugins. We also analyze hardware characteristics like your CPU, graphics card, and audio configuration.
This fingerprint is created using a one-way hash function, meaning we can recognize your device again but cannot reverse-engineer the information to track you across other websites. The fingerprint is associated with your account and helps us distinguish between your regular devices and potential unauthorized access attempts.
We track the geographic location of login attempts using IP address geolocation. This helps us identify suspicious access attempts from unusual locations. If someone tries to access your account from a country you've never visited, we'll flag this as suspicious and require additional verification.
We maintain a history of your typical login locations and use this to build a profile of normal behavior. Significant deviations from this pattern trigger our security protocols. However, we understand that you might travel, so we provide easy ways to verify legitimate access from new locations.
You have complete control over which devices are trusted to access your account.
In your security settings, you can view a comprehensive list of all devices that have accessed your account. For each device, you'll see the device name (which you can customize), the device type (desktop, mobile, tablet), browser and operating system information, the last access time, and the location of last access.
Devices are color-coded for easy identification: green for currently active devices, yellow for devices that haven't been used recently, and red for devices flagged as suspicious. You can sort and filter this list to quickly find specific devices or identify potential security concerns.
When you log in from a new device, you have the option to mark it as trusted. Trusted devices enjoy certain conveniences, such as longer session durations and less frequent 2FA requirements. However, this trust comes with responsibility - only mark personal devices that others cannot access as trusted.
You can set different trust levels for different devices. For example, your personal laptop might be fully trusted, your work computer partially trusted, and your phone trusted only for viewing but not for executing trades. This granular control allows you to balance security with convenience based on your specific needs.
You can instantly revoke access for any device from your security settings. This immediately invalidates any active sessions on that device and requires fresh authentication to regain access. This is particularly useful if you lose a device or suspect it may have been compromised.
We also provide a 'panic button' feature that allows you to instantly revoke access for all devices except the one you're currently using. This is helpful if you suspect your account has been compromised and need to quickly secure it.
Stay informed about all device activity on your account through our comprehensive notification system.
Whenever a new device accesses your account, we immediately send you a notification via email and, if configured, SMS or push notification. This alert includes details about the device, including its type, browser, operating system, and geographic location. The notification also includes a direct link to review and manage the device.
If you don't recognize the device, you can immediately block it and secure your account with a single click from the notification. We also provide information about what to do if you suspect unauthorized access, including steps to secure your account and contact our support team.
Beyond new device alerts, we monitor for unusual patterns in device usage. This includes access from multiple devices in different locations within a short timeframe, devices accessing your account at unusual hours, or devices exhibiting behavior patterns consistent with automated access.
When we detect unusual activity, we send detailed alerts explaining what we've observed and why it's concerning. These notifications include recommendations for action, such as reviewing recent transactions, changing your password, or enabling additional security features.
Mobile devices require special consideration due to their portability and the sensitive nature of mobile trading.
Our mobile app includes additional security features designed specifically for mobile devices. These include biometric authentication (fingerprint or face recognition), app-specific PINs for quick access, and automatic logout when the app is backgrounded.
The app stores minimal data locally, and any sensitive information is encrypted using your device's secure enclave. We also implement certificate pinning to prevent man-in-the-middle attacks and ensure your app only communicates with our legitimate servers.
If your mobile device is lost or stolen, you can remotely wipe all WG app data from the device through your account settings. This removes all cached data, saved credentials, and trading history from the device. The wipe command is sent immediately when the device next connects to the internet.
We also support integration with mobile device management (MDM) solutions for corporate users. This allows companies to enforce security policies on devices that access corporate trading accounts, including requirements for device encryption, screen locks, and automatic wipe after failed login attempts.
While we strongly recommend avoiding public devices for trading, we understand sometimes it's necessary. Here's how to do it safely.
When logging in from a public or shared device, always use our temporary session mode. This mode implements stricter security measures including shorter session timeouts, disabled password saving, no device trust options, and automatic session termination when you close the browser.
In temporary session mode, we also disable certain features that could leave traces on the device, such as download functions and printing capabilities. The session is completely isolated and leaves no persistent data on the device after logout.
When using a shared device, proper logout is crucial. Don't just close the browser - always use the logout button to end your session. After logging out, clear the browser cache and cookies. We provide a 'secure logout' option that automatically clears local storage and session data.
Consider using private browsing or incognito mode when accessing your account from shared devices. While this isn't foolproof, it reduces the risk of leaving traces of your session. Always verify that you're logged out before leaving the device.
For users requiring enhanced security, we offer additional device management capabilities.
You can set limits on the number of devices that can access your account simultaneously. This prevents unauthorized access even if someone obtains your credentials. You can also restrict access to specific device types - for example, allowing only desktop access for executing trades while permitting mobile devices for monitoring only.
Time-based restrictions allow you to specify when certain devices can access your account. This is useful for work devices that should only have access during business hours, or for limiting access from certain geographic regions to specific timeframes.
If you use trading bots or third-party applications, these are managed separately in your device management settings. Each API connection is treated as a unique device with its own permissions and restrictions. You can set specific limitations on what each API connection can do, such as read-only access or trading limits.
We provide detailed logs of all API activity, allowing you to monitor third-party access to your account. You can revoke API access instantly if you notice any suspicious activity, and we alert you to any unusual patterns in API usage.
