> ## Documentation Index
> Fetch the complete documentation index at: https://guide.crypto-now.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Secure your account

> Turn on email and Google Authenticator 2FA, save your backup phrase, and lock down API access — before you touch any funds.

CryptoNow doesn't force two-factor authentication at sign-up, but it's required
the moment you do anything that matters.

<Warning>
  **Email 2FA and Google Authenticator are effectively mandatory.** Both must be
  on before you can withdraw, move funds, view private or API keys, or delete a
  wallet or account. Set them up now so nothing blocks you later.
</Warning>

Everything here lives under **Settings → Security**.

<Frame caption="The Security section before setup — email unconfirmed, 2FA off.">
  <img src="https://mintcdn.com/crypto-now/DmenxjeNtgOG1-Oh/images/secure-your-account/01-security-overview.png?fit=max&auto=format&n=DmenxjeNtgOG1-Oh&q=85&s=bfe6ad30117bee563c58b237e5f709e3" alt="CryptoNow security settings with email 2FA and two-factor authentication disabled" width="1920" height="1013" data-path="images/secure-your-account/01-security-overview.png" />
</Frame>

<Steps>
  <Step title="Confirm your email">
    Under **Confirm E-mail**, click **Send link**, then open the message and
    confirm. The status flips to **Confirmed**.
  </Step>

  <Step title="Enable email 2FA">
    Click **Enable 2FA** under **Enable E-mail 2FA**. From now on, a code is
    emailed to you for sensitive actions.
  </Step>

  <Step title="Enable Google Authenticator">
    Under **Two-factor authentication**, click **Enable 2FA**, scan the QR code
    with Google Authenticator (or any TOTP app), and enter the 6-digit code to
    confirm.

    <Frame caption="Scan the QR with your authenticator app, then enter the code.">
      <img src="https://mintlify.s3.us-west-1.amazonaws.com/crypto-now/images/secure-your-account/02-google-auth-setup.png" alt="Enable 2FA dialog showing a QR code to scan with Google Authenticator" />
    </Frame>

    <Note>
      Store your authenticator backup somewhere safe. If you lose the device,
      regaining access means contacting support.
    </Note>
  </Step>

  <Step title="Save your backup phrase">
    Under **Backup Phrase**, click **Start Backup** and write down the 12 words
    in order, offline. This recovers your account if you lose your password.
  </Step>
</Steps>

Both factors on, your account looks like this:

<Frame caption="Email 2FA and two-factor authentication both enabled.">
  <img src="https://mintcdn.com/crypto-now/DmenxjeNtgOG1-Oh/images/secure-your-account/03-2fa-enabled.png?fit=max&auto=format&n=DmenxjeNtgOG1-Oh&q=85&s=4a52a6fc6fb360a39847426d73c7274e" alt="CryptoNow security settings showing email 2FA and two-factor authentication both enabled" width="1920" height="1013" data-path="images/secure-your-account/03-2fa-enabled.png" />
</Frame>

## Restrict API access (for API users)

If you'll use the API, lock it down under **Settings → Security** by allowlisting
the **IP**, **Origin**, and **User-Agent** that may call it. Skip this if you're
not building an integration.

<Frame caption="Allowlist the IP, origin, and user-agent that can use your API keys.">
  <img src="https://mintcdn.com/crypto-now/DmenxjeNtgOG1-Oh/images/secure-your-account/04-api-allowlist.png?fit=max&auto=format&n=DmenxjeNtgOG1-Oh&q=85&s=34bcf5b0abc6d215d23bd4fea0af93ee" alt="API security settings with whitelist IP, origin, and user agent fields" width="2560" height="1440" data-path="images/secure-your-account/04-api-allowlist.png" />
</Frame>

<Note>
  One thing **not** to touch: leave **autosign on**. It's on by default and
  signs your checkouts, sweeps, and swaps automatically — turning it off breaks
  those flows.
</Note>
