It's essential that you keep your CoinJar as secure as you can. Below, we've listed some key security measures you should take to keep your account safe.
Always check the CoinJar website URL and SSL
Checking the CoinJar website URL
Always make sure that the website URL includes “.coinjar.com/”. This shows that you're looking at the official CoinJar website — and not a malicious third party site.
Any other URLs (for example, http://coinjar.support/) are not official websites made by CoinJar. Website domains like this can be set up by a malicious third party, and are designed to trick people into entering their CoinJar's email address and password into a non-official site. This technique is known as "phishing".
Checking the CoinJar website SSL
Your browser will display a ‘Secure’ padlock to show your connection to https://coinjar.com/ is authentic and trusted. Look out for both the padlock and authorised CoinJar domains. We recommend bookmarking websites and accessing them through bookmarks only.
Never enter any personal information if your browser states that the connection is not secure.
Improve your password and use a password manager
When choosing a password, your CoinJar will run a quick check on its complexity. If necessary, you'll be asked to make your password more complex and more difficult for a third party to determine.
You should never use the same password for multiple online services/websites — especially the email account linked to your CoinJar. Each website you sign in to should have its own unique password.
Reputable password managers generate and securely store complex passwords for you that aren’t easy for others to guess. They make it much easier to have a unique password for each service/website you’re signed up to, and can help detect an “unofficial” website posing as CoinJar. That is, they should never auto-fill your sign in details on any website except for coinjar.com/.
Using a password manager will also prevent you from having to manually type in your password — this can reduce the risk of keyloggers or other similar malware from recording your sign in credentials.
Never directly share personal information
Our Support Team will never ask you to provide personal information, verification details, or Enhanced Security authentication via Support request or email. In the event we’re helping with account recovery or Enhanced Security removal, we only ever ask you to provide verification information or personal details via dedicated, secure forms.
We will never ask you to upload documents or provide sensitive data via Support request, and especially not by email or a third party messaging service. If you receive a request for personal information, please report it by submitting a new Support request.
Use Enhanced Security (2FA)
By adding two factor authentication (2FA) to your CoinJar, anyone attempting to sign in to your account will also need to be able to access your authenticator device. Even if an attacker has your CoinJar's email and password, they won’t be able to access your CoinJar without first providing this extra verification.
Avoid CoinJar imitators
When receiving any email from CoinJar, always double check the sender’s email address — even if the name displayed looks correct. Checking the sender email alone is not enough to avoid getting phished. (Can you spot the security flaw above?)
Think twice before you click any link — especially if you have doubts about the email. The simplest way to ensure you’re talking with the official CoinJar Support is to sign in to your Support Portal on www.coinjar.com/.
|Emails from CoinJar Support
Some more precautions you can take to keep your CoinJar secure:
- Use up-to-date anti-virus software to reduce the risk of key-loggers or other malicious software from recording personal details.
- Avoid signing in to CoinJar from untrusted or public computers and networks.
- Only use a Wi-Fi source if you know and trust its provider.