Security
Protect your account with two-factor authentication, a password, and safe transaction habits.
Your money and crypto are only as safe as your account. Criptala gives you strong tools to lock it down — two-factor authentication and an optional password — plus a few habits that keep you clear of fraud. Most of these controls live on the Account page, where you can "Manage your account and general settings."
Where to find these settings
Open the Account page from the top-right user menu. You'll find your security cards there alongside your general account settings.
Two-factor authentication (2FA)
Two-factor authentication adds a second check at sign-in: after your usual login, we ask for a one-time code that only your phone can generate. Criptala's 2FA uses an authenticator app (TOTP) together with recovery codes.
On the Account page, find the Two factor authentication card: "When two-factor authentication is enabled, we'll ask you for a secure random code during authentication. You can get this code from your preferred authenticator app." The card shows your current status — Enabled or Disabled — and a Configure button.
Enable 2FA
On the Two factor authentication card, select Configure.
Scan the QR code using your phone's authenticator application, or enter the setup key manually if you can't scan.
Enter the generated Code to confirm. Your status changes to Enabled.
Recovery codes
If you ever lose your phone, recovery codes are your way back in: "Store these recovery codes in a secure password manager. They can be used to recover access to your account if your two factor authentication device is lost."
Use Show recovery codes to view them, and Regenerate recovery codes to create a fresh set (which invalidates the old ones).
Keep your recovery codes safe
Save your recovery codes somewhere only you can reach — a password manager is ideal. Anyone with these codes can get into your account, and losing both your authenticator device and your codes can lock you out.
Signing in with 2FA
With 2FA on, after your normal login you'll reach the Two factor verification screen and enter your 6-digit code. Lost your device? Choose Use a recovery code and enter one of your saved codes instead.
Disabling 2FA
You can turn 2FA off with Disable, unless your account requires it. In some cases 2FA is mandatory and must be set up before you can continue.
Password
Criptala is passwordless by default — you don't need a password to sign in. If you'd still like one, you can set or update it on the Account page under Update your password: enter your Current password, your new Password, and a Password confirmation.
Staying safe and avoiding fraud
A few habits protect you from the most common scams.
Avoid fraud
When you buy with a bank transfer, you must be the owner of the account you pay from. Never accept money from third parties to buy crypto — it's a common fraud pattern and puts your account at risk.
Double-check network and address
Before sending crypto, confirm both the network and the address. Sending on the wrong network or to a wrong address can mean the funds are unrecoverable. See Wallets for how to read these details.
To add another layer, Criptala screens wallet addresses for safety. If an address is flagged, it can't be used for a transaction.
Criptala will never ask for your codes
We will never ask for your recovery codes or your authenticator codes outside the app's own sign-in screen. If anyone requests them by email, phone, or message, it's a scam — don't share them.