Account Security

How we keep your WhisperHedge account secure.

Passwordless Authentication

• Magic link authentication
• No passwords to remember or steal
• Time-limited access tokens
• Secure PKCE flow

Learn about magic links →

Session Management

• Automatic session timeout
• Secure session tokens
• Single device sessions
• Manual logout available

Two-Factor Authentication

Status: Coming Soon

We're working on adding TOTP authenticator support for additional security.

Best Practices

Secure Your Email

Your email is your primary security factor:

• ✅ Use strong, unique password
• ✅ Enable 2FA on email account
• ✅ Don't share email access
• ✅ Monitor for suspicious activity

Account Hygiene

• ✅ Don't share magic links
• ✅ Log out on shared devices
• ✅ Review active positions regularly
• ✅ Delete unused positions

If Your Account is Compromised

1. Delete all API keys from trading platforms
2. Remove all positions from WhisperHedge
3. Contact support immediately
4. Review platform security logs
5. Change email password if needed

Related Topics

• Magic Links
• API Key Security
• Data Privacy