
Confirm your email
Under Confirm E-mail, click Send link, then open the message and
confirm. The status flips to Confirmed.
Enable email 2FA
Click Enable 2FA under Enable E-mail 2FA. From now on, a code is
emailed to you for sensitive actions.
Enable Google Authenticator
Under Two-factor authentication, click Enable 2FA, scan the QR code
with Google Authenticator (or any TOTP app), and enter the 6-digit code to
confirm.

Store your authenticator backup somewhere safe. If you lose the device,
regaining access means contacting support.

Restrict API access (for API users)
If you’ll use the API, lock it down under Settings → Security by allowlisting the IP, Origin, and User-Agent that may call it. Skip this if you’re not building an integration.
One thing not to touch: leave autosign on. It’s on by default and
signs your checkouts, sweeps, and swaps automatically — turning it off breaks
those flows.