Account protection

From xat wiki

This article will provide you with information on different security settings on xat and how they work. Although these security settings can increase your account's security, you should not rely on them completely. We also have other security guides you may want to check.

IMPORTANT: xat staff or volunteers will never ask you to reduce your account protection, nor any other security feature. If anyone asks you to reduce your account protection, they could be trying to access your account and steal your xats/days/powers.

Account Protection

There are three types of Account Protection on xat. This system is in place to prevent unauthorized users from gaining access to your account. The default type of protection is type 2.

To adjust these settings, go to https://xat.com/login. Once you have logged in successfully, scroll down to the security settings. Once you have selected the type of protection you want, click "Update security settings".

1- Country

This type lets you log in from anywhere within your country without a security check email, even if you're using a different internet provider or IP address to your home location. This is the lowest level of protection. If you attempt to log in from a different country to your home location, you will receive E30/E64.

2 - Internet provider

This type restricts you to logging in from the same internet provider (e.g. Comcast, AT&T, Time Warner Cable) as your home location, although you can change locations or IP address. You are also required to log in through a security check email sent to the email address that you used to create your xat account. This email contains a special link that changes every time you log in, so you don't need to save it. This is the medium level of protection. If you randomly receive a login link via email when you have not attempted to log in, you should immediately change your account password. If you attempt to log in from a different internet provider to your home location, you will receive E30/E64.

3 - IP address

This type restricts you to logging in from the same IP address and location as your home location. You are also required to log in through a security check email, as described above. This is the highest level of protection. If you attempt to log in from a different IP address (e.g. a dynamic IP address) to your home location, you will receive E30/E64. If you attempt to log in from a different location to the one you selected type 3 at (i.e. your home location), you will receive E29 and be locked out of your account.

Account Protection Holds

When your account is held, you are unable to trade or send any transfers. However, you can still receive xats and days through transfers from other users. Sometimes a hold is placed automatically on your account (see below) or given manually for security or other reasons through the ticket system.

3-day hold

Reducing your Account Protection type from 2 to 1 will place a 3-day hold on your account for security purposes. Reducing your type from 3 to 2 will not trigger this hold.

5-day hold

If xat detects irregularities in your account and suspects phishing on your account, you may be held for 5 days. This allows you time to fix the problem and prevents phishers from transferring away your xats or days. This can not be deactivated and applies to all accounts.

Your account may also be held for 5 days if there's activity from a different location, internet provider or IP address to your home location.

Email Address Authentication

As an extended layer of protection, you may consider enabling 2-step verification on the email address associated with your xat account, if your email address provider offers this service. This can stop users from stealing your xat account even when they know the password of your email address.

Frequently Asked Questions

Q. What is my home location?

Your home location is the location, internet provider and IP address you had at the time of registering your account or last having a location update.

Q. What are E30/E64?

These errors require you to check your emails to log in. The email address associated with your account will have received a security check email, which is essential to log in.

Q. What is the security check email?

This is an automated email sent from xat to the email address associated with your account. This email contains a special login link. If you receive an email like this and haven't tried to log in, you should change your password immediately.

Q. What happens if I have type 3 selected and I try to log in to another computer elsewhere?

You will be unable to log in. Make sure to change your account protection type to 1 or 2 (depending on your situation) if you are planning to travel or move.

Q. What if I have a dynamic IP; can I still log in with type 3 selected? Will it adjust to my dynamic IP?

In some cases, type 3 doesn’t work with dynamic IPs. It depends on how your dynamic IP is set up. It is not recommended to use type 3 if you have a dynamic IP.

Q. I am locked out! Now what?

A ticket must be created under "Locked Out" Help Topic to solve this error. For a more detailed tutorial on how to do so, please see the Locked out guide.

Q. If I have a laptop, can I always stay logged in?

Type 3 depends on your IP address and location. If you take your laptop or other device to a different location to your home location and attempt to log in to your account, you will be locked out.

Q. Why am I unable to select type 3?

If your location is different to your home location and you wish to select type 3, open a ticket with the Help Topic set to "Location Update".