How to enable 2FA, secure your account, and protect your funds
Your account security is our top priority at WG. In today's digital world, protecting your trading account requires more than just a strong password. This comprehensive guide will walk you through all our security features and best practices to ensure your account and funds remain safe from unauthorized access.
Two-factor authentication is your first and most important line of defense. It adds an extra layer of security by requiring not just your password, but also a second form of verification.
When you enable 2FA, you'll need two things to access your account: something you know (your password) and something you have (your phone or authentication device). Even if someone obtains your password, they can't access your account without the second factor.
We support multiple 2FA methods to suit your preferences. The most popular is app-based authentication using Google Authenticator or Authy. These apps generate a new 6-digit code every 30 seconds that you'll enter along with your password when logging in.
To enable 2FA, navigate to your account security settings and click on 'Enable Two-Factor Authentication'. You'll be presented with a QR code to scan with your authenticator app. Once scanned, the app will start generating codes for your WG account.
IMPORTANT: When you set up 2FA, we'll provide you with backup codes. Write these down and store them in a safe place. These codes can be used to access your account if you lose access to your authentication device. Each backup code can only be used once.
Never share your 2FA codes with anyone, including people claiming to be from WG support. We will never ask for your authentication codes. If you're switching phones, remember to transfer your 2FA setup to your new device before disposing of the old one.
Consider using a dedicated authentication app rather than SMS-based 2FA, as SMS can be vulnerable to SIM swapping attacks. If you must use SMS, ensure your mobile account is also secured with your carrier.
Your password is the foundation of your account security. A weak password is like leaving your front door unlocked.
A strong password should be at least 12 characters long and include a mix of uppercase letters, lowercase letters, numbers, and special characters. Avoid using personal information like birthdays, names, or common words that can be found in a dictionary.
The best passwords are passphrases - a string of random words that create a memorable but hard-to-guess combination. For example: 'TradingMoon$Profit47Beach!' is much stronger than 'Trading123'.
We strongly recommend using a password manager to generate and store your passwords. Password managers create unique, complex passwords for each of your accounts and remember them for you. This means you only need to remember one master password.
Popular password managers include LastPass, 1Password, and Bitwarden. These tools encrypt your passwords and sync them across your devices securely. They can also alert you if any of your passwords have been compromised in data breaches.
Change your password immediately if you suspect it may have been compromised. Signs of compromise include unexpected login attempts, unfamiliar account activity, or notifications about your password appearing in data breaches.
Even without signs of compromise, it's good practice to change your password every 3-6 months. When changing your password, never reuse old passwords or use variations of previous passwords.
Your account is only as secure as the devices you use to access it. Here's how to ensure your computers and mobile devices don't become weak links in your security chain.
Keep your operating system and all software up to date. Software updates often include critical security patches that protect against newly discovered vulnerabilities. Enable automatic updates whenever possible.
Use reputable antivirus software and keep it updated. Run regular scans to detect and remove any malware that could compromise your account. Be especially cautious about keyloggers - malicious programs that record everything you type, including passwords.
Enable screen lock on your mobile devices using a PIN, pattern, fingerprint, or face recognition. This prevents unauthorized access if your device is lost or stolen. Set your device to lock automatically after a short period of inactivity.
Only download apps from official app stores (Google Play Store for Android, App Store for iOS). Be wary of apps requesting unnecessary permissions. Our official WG app will never ask for permissions it doesn't need for trading functionality.
Avoid accessing your trading account over public Wi-Fi networks, which can be easily compromised. If you must use public Wi-Fi, always use a reputable VPN (Virtual Private Network) to encrypt your connection.
Even with a VPN, be extra cautious on public networks. Avoid making large transactions or changing security settings when not on a trusted network. Consider using your mobile data connection instead of public Wi-Fi for sensitive activities.
How you manage your active sessions plays a crucial role in keeping your account secure.
Our platform includes an automatic logout feature that ends your session after a period of inactivity. This protects your account if you forget to log out or step away from your computer. You can adjust the timeout period in your security settings.
Always manually log out when you're finished trading, especially on shared or public computers. Simply closing the browser window may not end your session completely.
In your security settings, you can view all active sessions associated with your account. This shows you every device and location where your account is currently logged in. If you see any unfamiliar sessions, you can terminate them immediately.
We also send email notifications for logins from new devices or locations. If you receive such a notification and it wasn't you, change your password immediately and review your account for any unauthorized activity.
When you log in from a new device, you can choose to mark it as trusted. This reduces the frequency of security checks for that specific device. However, only mark personal devices that you control as trusted - never mark shared or public computers as trusted devices.
Regularly review your list of trusted devices and remove any you no longer use or recognize. If a trusted device is lost or stolen, remove it from your trusted list immediately.
Your email account is often the key to all your other accounts, including your WG trading account. If someone gains access to your email, they could potentially reset your passwords and take control of your accounts.
Use a unique, strong password for your email account - never reuse your trading account password. Enable 2FA on your email account if available. Most major email providers like Gmail, Outlook, and Yahoo support 2FA.
Be cautious of phishing emails claiming to be from WG. We will never ask for your password, 2FA codes, or other sensitive information via email. Always verify the sender's email address and look for signs of phishing like poor grammar, urgent language, or suspicious links.
If you use a recovery email address, ensure it's also properly secured. An compromised recovery email can be used to gain access to your primary email and subsequently your trading account.
Consider using a separate, dedicated email address just for important financial accounts. This reduces the risk of compromise through data breaches at other services you might use with your primary email.
Social engineering attacks try to trick you into revealing sensitive information or taking actions that compromise your security. These attacks exploit human psychology rather than technical vulnerabilities.
Phishing emails that appear to be from WG asking you to verify your account or claim a bonus. These often create a sense of urgency to make you act without thinking. Remember, legitimate communications from us will never ask for sensitive information via email.
Phone calls from people claiming to be WG support offering to help with your account. We will never call you unexpectedly asking for passwords or authentication codes. If you receive such a call, hang up and contact us through official channels to verify.
Fake websites that look like WG but have slightly different URLs. Always check the URL carefully before entering your login credentials. Look for 'https://' and our correct domain name.
Always verify the identity of anyone claiming to represent WG. If you're unsure, end the communication and contact us through our official website or app. Take your time - legitimate requests can wait while you verify their authenticity.
Be skeptical of unsolicited offers, especially those that seem too good to be true. Scammers often promise guaranteed profits or exclusive trading opportunities to lure victims. Remember, legitimate trading always involves risk, and we would never guarantee profits.
If you use our API for automated trading or third-party integrations, securing your API keys is crucial.
Treat your API keys like passwords - never share them or post them in public forums, code repositories, or support tickets. Each API key should be used for only one purpose or application. This way, if one key is compromised, your other integrations remain secure.
Regularly rotate your API keys, especially if you suspect they may have been exposed. You can generate new keys and revoke old ones from your API management dashboard. Always revoke keys immediately when you stop using a service or application.
When creating API keys, follow the principle of least privilege - only grant the minimum permissions necessary for the intended use. For example, a key used only for reading market data shouldn't have trading or withdrawal permissions.
Regularly review your API keys and their permissions. Remove any keys you're no longer using and adjust permissions if your needs have changed. Consider using IP whitelisting to restrict API access to specific, trusted IP addresses.
Despite best efforts, security incidents can happen. Knowing how to respond quickly can minimize damage and help recover your account.
If you suspect your account has been compromised, act immediately:
Time is critical in these situations. The faster you act, the better chance we have of securing your account and preventing losses.
When you contact our support team about a security issue, be prepared to verify your identity. We may ask for information that only you would know about your account. This protects you from attackers trying to social engineer their way into your account.
Our security team will guide you through securing your account, which may include:
After resolving a security incident, take time to understand how it happened. Did you click on a phishing link? Was your password too weak? Was your email account compromised? Understanding the root cause helps prevent future incidents.
Consider upgrading your security measures after an incident. This might mean using a password manager, enabling additional authentication methods, or being more cautious about phishing attempts. View it as an opportunity to strengthen your overall security posture.
Security isn't a one-time setup - it requires ongoing attention and good habits.
Schedule monthly security check-ups for your account. Review your active sessions, API keys, trusted devices, and recent activity. Update your passwords regularly and ensure your contact information is current.
Stay informed about new security features we introduce. We continuously improve our security measures, and taking advantage of new features helps keep your account protected against evolving threats.
Follow our security blog and announcements for updates about new threats and protective measures. The cybersecurity landscape changes constantly, and staying informed helps you adapt your security practices accordingly.
Consider joining our community forums where traders share security tips and experiences. Learning from others' experiences can help you avoid common pitfalls and discover new ways to protect your account.
Securing your WG account is a partnership between you and us. While we provide robust security features and constantly work to protect our platform, your actions and habits play a crucial role in keeping your account safe.
Remember, the few extra seconds it takes to enter a 2FA code or the slight inconvenience of using a password manager are small prices to pay for the peace of mind that comes with knowing your trading account is secure. Your financial future deserves the best protection possible.
If you ever have questions about security or need help implementing any of these measures, our support team is here to help 24/7. Together, we can ensure your trading journey is not only profitable but also secure.
