Two-Factor Authentication (2FA) - Setup, Change & Recovery
                    
                        Two-Factor Authentication (2FA) provides an extra layer of security for your account by requiring a second step of verification when you log in or perform some specific actions. In addition to your password, you'll also need an OTP received via SMS/Email or an OTP generated by apps like Google Authenticator, Authy, etc.
                    
                    
                        The default mode of 2FA on Bitallx is via SMS/Email. But if you would like to perform app-based 2FA, you will need to install authenticator apps like Google Authenticator, Authy which display a 6-digit passcode on the opening screen & you typically get 30 seconds to use it before it expires & then displays a new passcode.
                    
                     Counter Financing of Terrorism (CFT)
                    
                        If you would like to switch from SMS/Email OTP based 2FA to an App based 2FA, follow the below steps:
                    
                    
                        - Click on Profile button at the top right of your screen & click on Account Settings.
- Tap on Two Factor Authentication and select Authenticator App.
- Enter the OTP you receive on SMS/Email & tap on Next.
- Open your Authenticator app & follow the steps to add a new account. You can scan your Bitallx Barcode or manually enter the Recovery code into your authenticator app.
- Enter the OTP you see in your Authenticator app.
- Save the Recovery Code in a secured place (you will need this in the future in case you lose or change your mobile device).
- Open the email & click on Approve 2FA request in the confirmation email you receive.
Switching to SMS/Email based 2-Factor Authentication
                    
                        If you would like to switch from an App based 2FA to an SMS/Email OTP based 2FA, follow the below steps:
                    
                    
                        - Click on Profile button at the top right of your screen & click on Account Settings.
- Tap on Two Factor Authentication and select Mobile SMS.
- Enter the OTP you see on your Authenticator app & tap on Next.
- Enter the OTP you receive on SMS/Email & tap on Next.
- Open the email & click on Approve 2FA request in the confirmation email you receive.
Why am I getting an 'incorrect or expired OTP' error?
                    
                        Very rarely, you may see an "incorrect or expired OTP" error when you enter the OTP from your authenticator app into Bitallx. This happens when the time on your authenticator app is not in sync with Bitallx. Here's (for Android) how you can ensure you have the correct time on your authenticator app -
                    
                    
                        - Open the Authenticator app & tap on Menu.
- Tap on Settings.
- Tap on Time correction for codes.
- Tap on Sync now.
I’ve lost my Authenticator app. How do I recover/reset my Bitallx 2FA?
                    
                        - If you have the Recovery Code - You simply have to go to https://bitallx.live/login , enter your login credentials, and click on Login. Next, click on the Recover Authentication Code button below & then follow the on-screen instructions.
- If you have lost the Recovery Code - Contact us via chat through this link - Submit a Request & we will help you out.
- Note: Due to security reasons manual 2FA reset requests will be processed within 48 hours.
 
                
                
                    Securing your Bitallx account - Tips & Best Practices
                    
                        Keeping your Bitallx account and funds safe is always our topmost priority. You form an important part of the effort and together we can keep Bitallx as the most secure exchange in India. Below are some important best practices you should follow to keep your Bitallx account secure.
                    
                    
                        Using the right Bitallx
                    
                    
                        - If you are trading via the website, ensure the domain is bitallx.live
- When you receive emails from Bitallx, check if the email ID is @bitallx.live
                        Password
                    
                    
                        - Always Set a strong password for your account
- Passwords must be at least 6 characters long and a maximum of 64 characters. We recommend using passwords longer than 10 characters.
- Include a combination of characters, numbers & symbols like $%^~ in your password
- Never use common words as passwords. For eg your name or birthdate or your pet's name
- Never use a password that you have used elsewhere. For eg - your email password, your Facebook password or even your password for another cryptocurrency exchange
- Never share your password with anyone else. Bitallx will never call or email you asking for your password. Nobody needs your password to help you with a problem.
 You should also follow the above tips to secure the email ID that you have registered with your Bitallx account.
                    
                        Two Factor Authentication (2FA) & OTP
                    
                    
                        - Always enable 2FA on your account. We highly recommend using an app-based 2FA like Google Authenticator.
- When setting up 2FA, store the secret key in a very safe place. Never store it on your device or email
- Never share your 2FA app or device with anyone else.
- Never share your 2FA Code/OTP with anyone else. Even if someone claims they're contacting you from Bitallx. We never need your OTP to help you with any problem.
- If you have received an OTP on your phone without requesting one, please contact our support team immediately.
                        Two Factor Authentication (2FA) & OTP
                    
                    
                        Never share account details like your registered Bitallx email ID, mobile number, bank details, Transaction number or amount publicly. Only share it with the support team if asked through official channels like the support.bitallx.live
                    
                    
                        Devices
                    
                    
                        - If you are using the Bitallx iOS or Android App, enable the Passcode feature from the Security Menu.
- Keep your phone OS updated to the latest version. Your OS makes regular security updates so it's important that you stay updated with the latest fixes.
- Setup fingerprint recognition, passcode or any other access security features that your phone may support
- If possible, enable features that wipe out your phone in case it is lost.
- Avoid jailbreaking your phone as that may compromise the phone's security updates.
- Install good antivirus software on your computer but don't depend entirely on it.
- Avoid installing too many software or browser extensions.
- Do not download or install files you don't trust. Especially if they download automatically or are sent as an email attachment
- Only connect to WiFi & Internet networks that you are familiar with and fully trust. Keep your home WIFI networks password protected
                        Crypto Deposits & Withdrawals
                    
                    
                        Always cross-check the deposit address that you have copied when you paste it into the withdrawal wallet.
                    
                    
                        General Advice
                    
                    
                        - Avoid operating your Bitallx account on public computers like cybercafes
- Always log out of your Bitallx account if someone else uses the same device
- Avoid sharing details of your investments in public channels like Telegram, WhatsApp, forums, etc. Don't disclose your cryptocurrency holdings to anyone in public.
- Never send money to anyone claiming to be representing Bitallx. We will never ask you to send money to random addresses or accounts.
- Set up 2FA for the email ID that you use for trading. For eg - Gmail, Outlook, etc
- Don't disclose your cryptocurrency holdings to anyone in public.
 
                
                
                    Fake Websites Alert
                    
                        Keeping your Bitallx account and funds safe is always our topmost priority. You form an important part of the effort, and together we can keep Bitallx as the most secure exchange in India.
                    
                    
                        Never share account details like your registered Bitallx email ID, mobile number, bank details, and Transaction number with such websites. Avoid engaging into any kind of transactions including transferring any amount whether in cash or crypto to the people who are operating such websites. We have been made aware of multiple websites (like these 👇) posing as our brand, offering false services:
                    
                    
                    
                        Team Bitallx will never personally message you for sensitive information about your funds. If someone else DMs or reaches out to you via a different URL, kindly ignore & report it.
                    
                 
                
                
                    Bitallx Bug bounty - Wall Of Fame
                    
                        On behalf of Bitallx and users who visit our site, use Bitallx App and our other products, we would like to thank them for reporting the bugs to us and for helping us to make our platform more secure.
                    
                    
                        We are happy to present you the list of researchers who have participated in the program, uncovered valid bugs, and agreed to be named and extend our gratitude to them:
                    
                    
                        If you believe that you have found a security vulnerability or Bug on any Bitallx’s owned Website or Application, we encourage you to let us know straight away. Our Team will investigate all legitimate reports and do our best to quickly fix the problem.
                    
                    
                        Disclosure Policy
                    
                    
                        - We will acknowledge your submission only if you are the first person to report a certain Known issues or issues that have already been reported will not be considered as a valid report 
- You may not publicly disclose the vulnerability prior to our
-  Any Improper public disclosure/ misuse of information will entitle Bitallx to take appropriate legal