This article is intended for Australian members. If you're looking for instructions for CoinJar UK, visit this article.
Ensuring you keep your CoinJar as secure as possible is extremely important, and there are many security measures you should take to do so.
Always check the CoinJar website URL and SSL
Checking the CoinJar website URL
Whenever entering any information online, always ensure the website URL includes “.coinjar.com/”. This indicates you're looking at the official CoinJar website, and not a third party site.
Any other URLs (for example, http://coinjar.support/) are not official websites made by CoinJar. Website domains such as this can be set up by any third party, and can be used to trick people into entering their CoinJar's email address and password into a non-official site. This technique is known as "phishing".
Checking the CoinJar website SSL
Your browser will display a ‘Secure’ padlock to signify your connection to https://coinjar.com/ is authentic and can be trusted. Look out for both the padlock and authorised CoinJar domains. We recommend bookmarking websites and accessing them through bookmarks only. Never enter any personal information if your browser states that the connection is not secure.
Improve your password and use a password manager
When choosing a password, your CoinJar will run a quick check on its complexity and - if necessary - ask you to make it more complex and more difficult for a third party to determine. You should never use the same password for multiple online services/websites, especially the email account linked to your CoinJar. Each website you sign in to should have its own unique password.
Reputable password managers generate and securely store complex passwords for you that aren’t easy for others to determine. They make it much simpler to manage a unique password for each service/website you’re signed up to, and can typically help detect a potentially “unofficial” website posing as CoinJar - they should never auto-fill your sign in details on any website except for coinjar.com/.
Using a password manager will also prevent you from having to manually type in your password - in effect reducing the risk of keyloggers or other similar malware from recording your sign in credentials.
Never directly share personal information
Our Support Team will never ask you to provide personal information, verification details, or Enhanced Security authentication via Support request or email. In the event we’re assisting with account recovery or Enhanced Security removal, we only ever ask you to provide verification information or personal details via dedicated, secure forms.
We will never ask you to upload documents or provide sensitive data via Support request, and especially not by email. If you receive a request for personal information, please report it by submitting a new Support request.
Use Enhanced Security (Multi-Factor Authentication)
By adding Enhanced Security to your CoinJar, anyone attempting to sign in to your account will also need to be able to access your Enhanced Security device. Even if an attacker has your correct sign in details, they won’t be able to access your CoinJar without authenticating with your Enhanced Security device.
Add Enhanced Security to your CoinJar.
Avoid CoinJar imitators
When receiving any email from CoinJar, always double check the sender’s email address - even if the name displayed is correct. Checking the sender email alone is not fool-proof to avoid getting phished. Think twice before you click any link, especially if you have doubts about the email. The simplest way to ensure you’re talking with the official CoinJar Support is to sign in to your Support Portal on www.coinjar.com/.
|Suspicious Emails||Emails from CoinJar Support|
Some more precautions you can take to keep your CoinJar secure:
- Use up-to-date anti-virus software to reduce the risk of key-loggers or other malicious software from recording personal details.
- Avoid signing in to CoinJar from untrusted or public computers and networks.
- Only use a Wi-Fi source if you know and trust its provider.