Account protection: Difference between revisions

From xat wiki
mNo edit summary
No edit summary
(40 intermediate revisions by 9 users not shown)
Line 3: Line 3:
<translate>
<translate>


==xat Account Protection== <!--T:11-->  
<!--T:39-->
This article will provide you with information on different security settings on xat and how they work. Although these security settings can increase your account's security, you should not rely on them completely. We also have other [[:Category:Security|security guides]] you may want to check.


<!--T:3-->
<!--T:45-->
Account Protection is activated '''on all xat accounts''', but can be disabled via the login page. When xat notices a login from a different location, you are required to login through a link sent to the email account that you used to create your xat account.
'''IMPORTANT:''' xat staff or [[<tvar|1>Special:MyLanguage/volunteers</>|volunteers]] will '''never''' ask you to reduce your account protection, nor any other security feature.</translate> <translate><!--T:46--> If anyone asks you to reduce your account protection, they could be trying to access your account and steal your xats/days/powers.</translate><translate>


<!--T:24-->
==Account Protection== <!--T:11-->
This system has been put in place to prevent unauthorized users from gaining access to your account. The special link changes every time you login, so you don't need to save it.


<!--T:4-->
</translate><span id="protection"></span><translate>
As an extended layer of protection, xat has integrated Google Authentication. Google Authentication generates a code that is sent to your cell phone every time you login. See [http://util.xat.com/wiki/index.php/Authentication Authentication] for more information.


===Remember:=== <!--T:12-->
<!--T:47-->
There are three types of Account Protection on xat.</translate> <translate><!--T:48--> This system is in place to prevent unauthorized users from gaining access to your account.</translate> <translate><!--T:49-->
The default type of protection is type 2.


<!--T:6-->
<!--T:50-->
*Never use the same password for your email and your xat ID. It is recommended that you change your password every three months.
To adjust these settings, go to <tvar|1>https://xat.com/login</>.</translate> <translate><!--T:51--> Once you have logged in successfully, scroll down to the security settings.</translate> <translate><!--T:52-->
Once you have selected the type of protection you want, click "Update security settings".


<!--T:7-->
<!--T:53-->
*Never share the login links xat emails you.
'''1- Country'''


<!--T:8-->
<!--T:54-->
*If someone offers you free xats or free promotion they are probably a scammer.
This type lets you log in from anywhere within your country without a security check email, even if you're using a different internet provider or IP address to your home location.</translate> <translate><!--T:55--> This is the lowest level of protection.</translate> <translate><!--T:56-->
If you attempt to log in from a different country to your home location, you will receive E30/E64.


===5 days hold=== <!--T:9-->
<!--T:57-->
'''2 - Internet provider'''
 
<!--T:58-->
This type restricts you to logging in from the same internet provider (e.g. Comcast, AT&T, Time Warner Cable) as your home location, although you can change locations or IP address.</translate> <translate><!--T:59--> You are also required to log in through a security check email sent to the email address that you used to create your xat account.</translate> <translate><!--T:60--> This email contains a special link that changes every time you log in, so you don't need to save it.</translate> <translate><!--T:61--> This is the medium level of protection.</translate> <translate><!--T:62--> If you randomly receive a login link via email when you have not attempted to log in, you should immediately change your account password.</translate> <translate><!--T:63-->
If you attempt to log in from a different internet provider to your home location, you will receive E30/E64.
 
<!--T:64-->
'''3 - IP address'''
 
<!--T:65-->
This type restricts you to logging in from the same IP address and location as your home location.</translate> <translate><!--T:66--> You are also required to log in through a security check email, as described above.</translate> <translate><!--T:67--> This is the highest level of protection.</translate> <translate><!--T:68--> If you attempt to log in from a different IP address (e.g. a dynamic IP address) to your home location, you will receive E30/E64.</translate> <translate><!--T:69-->
If you attempt to log in from a different location to the one you selected type 3 at (i.e. your home location), you will receive E29 and be locked out of your account.
 
==Account Protection Holds== <!--T:70-->
 
</translate><span id="hold"></span><translate>
 
<!--T:71-->
'''3-day hold'''
 
<!--T:72-->
Reducing your Account Protection type from 2 to 1 will place a 3-day hold on your account for security purposes.</translate> <translate><!--T:73-->
Reducing your type from 3 to 2 will not trigger this hold.
 
<!--T:74-->
'''5-day hold'''


<!--T:10-->
<!--T:10-->
If xat detects irregularities in your account and suspects [[Phishing]] on your account, you may be blocked from transferring and trading for 5 days. This allows you time to fix the problem and prevents phishers from transferring away your xats or days. This can not be deactivated and applies to all accounts.  
If xat detects irregularities in your account and suspects [[<tvar|1>Special:MyLanguage/Phishing</>|phishing]] on your account, you may be blocked from transferring and trading for 5 days. This allows you time to fix the problem and prevents phishers from transferring away your xats or days. This can not be deactivated and applies to all accounts.  
 
<!--T:75-->
Your account may also be held for 5 days if there's activity from a different location, internet provider or IP address to your home location.
 
==Email Address Authentication== <!--T:42-->
 
</translate><span id="authentication"></span><translate>
 
<!--T:76-->
As an extended layer of protection, you may consider enabling 2-step verification on the email address associated with your xat account, if your email address provider offers this service.</translate> <translate><!--T:77-->
This can stop users from stealing your xat account even when they know the password of your email address.
 
==Frequently Asked Questions== <!--T:19-->


=Account Locking= <!--T:13-->
</translate><span id="faq"></span><translate>


<!--T:14-->
<!--T:78-->
If you only use your xat account at home you can turn on account locking. This will make it a lot harder for unauthorized users to gain access to your account.
'''Q. What is my home location?'''


<!--T:15-->
<!--T:79-->
'''IMPORTANT:''' xat staff will never ask you to turn off account locking. If anyone asks you to turn off account locking they are trying to access your account and steal your xats/days/powers.  
Your home location is the location, internet provider and IP address you had at the time of registering your account or last having a location update.


<!--T:25-->
<!--T:80-->
'''Note:''' If someone is claiming to be a xat staff, open a [[ticket]].
'''Q. What are E30/E64?'''


<!--T:16-->
<!--T:81-->
If you moved locations or changed Internet Providers, you must turn off locking before you login on the new internet/service provider.
These errors require you to check your emails to log in.</translate> <translate><!--T:82-->
The email address associated with your account will have received a security check email, which is essential to log in.


<!--T:17-->
<!--T:83-->
You shouldn't rely 100% on Account Locking. You still need to protect your passwords, see: [[Phishing]]
'''Q. What is the security check email?'''


===Instructions on how to enable/disable xat Account Locking=== <!--T:18-->
<!--T:84-->
Login [http://xat.com/login here], then click the drop down next to ''"xat account locking"'' and choose '''On (locked)''' to enable or '''Off (not locked)''' to disable.
This is an automated email sent from xat to the email address associated with your account.</translate> <translate><!--T:85--> This email contains a special login link.</translate> <translate><!--T:86-->
If you receive an email like this and haven't tried to log in, you should change your password immediately.


===Frequently Asked Questions=== <!--T:19-->
<!--T:38-->
'''Q. What happens if I have account locking on and I try to login into another computer elsewhere?
'''Q. What happens if I have type 3 selected and I try to log in to another computer elsewhere?'''


<!--T:26-->
<!--T:26-->
You will be unable to login. Make sure to turn off account locking if you are planning to travel or move.
You will be unable to log in.</translate> <translate><!--T:87-->
Make sure to change your account protection type to 1 or 2 (depending on your situation) if you are planning to travel or move.


<!--T:20-->
<!--T:20-->
'''Q. What if I have a dynamic IP, can I still login with account locking enable? Will it adjust to my dynamic IP?
'''Q. What if I have a dynamic IP; can I still log in with type 3 selected? Will it adjust to my dynamic IP?'''


<!--T:27-->
<!--T:27-->
In some cases, account locking doesn’t work with dynamic IPs. It depends on how your dynamic IP is setup. It is not recommended too use account locking if you have a dynamic IP.
In some cases, type 3 doesn’t work with dynamic IPs.</translate> <translate><!--T:88-->
It depends on how your dynamic IP is set up. It is not recommended to use type 3 if you have a dynamic IP.


<!--T:21-->
<!--T:21-->
'''Q. I am locked out! Now what?
'''Q. I am locked out! Now what?'''


<!--T:28-->
<!--T:28-->
Go to http://xat.com/ticket and open a ticket with "Help Topic" set to "Locked Out". For a more detailed tutorial on how to do so please see [[LockedOut]].
If you are unable to return to the location of your home location, go to <tvar|2>https://xat.com/ticket</> and open a ticket with the Help Topic set to "Locked Out".</translate> <translate><!--T:89-->
For a more detailed tutorial on how to do so, please see the '''[[<tvar|1>Special:MyLanguage/Locked out</>|Locked out]]''' guide.


<!--T:22-->
<!--T:22-->
'''Q. If I have a laptop, can I always stay logged in?
'''Q. If I have a laptop, can I always stay logged in?'''


<!--T:29-->
<!--T:29-->
Account Locking depends on where your location is. If you take your laptop or other device to another location and attempt to login to your account, you will be locked out.
Type 3 depends on your IP address and location.</translate> <translate><!--T:90-->
If you take your laptop or other device to a different location to your home location and attempt to log in to your account, you will be locked out.


<!--T:23-->
<!--T:23-->
'''Q. Why can't I turn on locking?
'''Q. Why am I unable to select type 3?'''


<!--T:30-->
<!--T:30-->
If you moved locations since you registered your xat account open a [http://xat.com/ticket ticket] and ask for a location update.
If your location is different to your home location and you wish to select type 3, open a [<tvar|1>https://xat.com/ticket</> ticket] with the Help Topic set to "Location Update".


</translate>
</translate>
[[Category:Security]]
{{Category|Security}}

Revision as of 19:48, 26 June 2019

This article will provide you with information on different security settings on xat and how they work. Although these security settings can increase your account's security, you should not rely on them completely. We also have other security guides you may want to check.

IMPORTANT: xat staff or volunteers will never ask you to reduce your account protection, nor any other security feature. If anyone asks you to reduce your account protection, they could be trying to access your account and steal your xats/days/powers.

Account Protection

There are three types of Account Protection on xat. This system is in place to prevent unauthorized users from gaining access to your account. The default type of protection is type 2.

To adjust these settings, go to https://xat.com/login. Once you have logged in successfully, scroll down to the security settings. Once you have selected the type of protection you want, click "Update security settings".

1- Country

This type lets you log in from anywhere within your country without a security check email, even if you're using a different internet provider or IP address to your home location. This is the lowest level of protection. If you attempt to log in from a different country to your home location, you will receive E30/E64.

2 - Internet provider

This type restricts you to logging in from the same internet provider (e.g. Comcast, AT&T, Time Warner Cable) as your home location, although you can change locations or IP address. You are also required to log in through a security check email sent to the email address that you used to create your xat account. This email contains a special link that changes every time you log in, so you don't need to save it. This is the medium level of protection. If you randomly receive a login link via email when you have not attempted to log in, you should immediately change your account password. If you attempt to log in from a different internet provider to your home location, you will receive E30/E64.

3 - IP address

This type restricts you to logging in from the same IP address and location as your home location. You are also required to log in through a security check email, as described above. This is the highest level of protection. If you attempt to log in from a different IP address (e.g. a dynamic IP address) to your home location, you will receive E30/E64. If you attempt to log in from a different location to the one you selected type 3 at (i.e. your home location), you will receive E29 and be locked out of your account.

Account Protection Holds

3-day hold

Reducing your Account Protection type from 2 to 1 will place a 3-day hold on your account for security purposes. Reducing your type from 3 to 2 will not trigger this hold.

5-day hold

If xat detects irregularities in your account and suspects phishing on your account, you may be blocked from transferring and trading for 5 days. This allows you time to fix the problem and prevents phishers from transferring away your xats or days. This can not be deactivated and applies to all accounts.

Your account may also be held for 5 days if there's activity from a different location, internet provider or IP address to your home location.

Email Address Authentication

As an extended layer of protection, you may consider enabling 2-step verification on the email address associated with your xat account, if your email address provider offers this service. This can stop users from stealing your xat account even when they know the password of your email address.

Frequently Asked Questions

Q. What is my home location?

Your home location is the location, internet provider and IP address you had at the time of registering your account or last having a location update.

Q. What are E30/E64?

These errors require you to check your emails to log in. The email address associated with your account will have received a security check email, which is essential to log in.

Q. What is the security check email?

This is an automated email sent from xat to the email address associated with your account. This email contains a special login link. If you receive an email like this and haven't tried to log in, you should change your password immediately.

Q. What happens if I have type 3 selected and I try to log in to another computer elsewhere?

You will be unable to log in. Make sure to change your account protection type to 1 or 2 (depending on your situation) if you are planning to travel or move.

Q. What if I have a dynamic IP; can I still log in with type 3 selected? Will it adjust to my dynamic IP?

In some cases, type 3 doesn’t work with dynamic IPs. It depends on how your dynamic IP is set up. It is not recommended to use type 3 if you have a dynamic IP.

Q. I am locked out! Now what?

If you are unable to return to the location of your home location, go to https://xat.com/ticket and open a ticket with the Help Topic set to "Locked Out". For a more detailed tutorial on how to do so, please see the Locked out guide.

Q. If I have a laptop, can I always stay logged in?

Type 3 depends on your IP address and location. If you take your laptop or other device to a different location to your home location and attempt to log in to your account, you will be locked out.

Q. Why am I unable to select type 3?

If your location is different to your home location and you wish to select type 3, open a ticket with the Help Topic set to "Location Update".