Account protection

From xat wiki
Revision as of 17:53, 26 December 2018 by Bella (
Jump to: navigation, search
Other languages:
Deutsch • ‎English • ‎Nederlands • ‎Tagalog • ‎Türkçe • ‎bosanski • ‎dansk • ‎español • ‎français • ‎italiano • ‎magyar • ‎polski • ‎português do Brasil • ‎română • ‎srpski (latinica)‎ • ‎svenska • ‎български • ‎српски / srpski • ‎العربية • ‎ไทย

This article will provide you with information on different security settings on xat and how they work. Although these security settings can increase your account's security, you should not rely on them completely. We also have other security guides you may want to check.

IMPORTANT: xat staff or volunteers will never ask you to turn off account locking, nor any other security feature. If anyone asks you to turn off account locking, they could be trying to access your account and steal your xats/days/powers.

5-day hold

If xat detects irregularities in your account and suspects phishing on your account, you may be blocked from transferring and trading for 5 days. This allows you time to fix the problem and prevents phishers from transferring away your xats or days. This can not be deactivated and applies to all accounts.

Account Protection

This option is activated on all user accounts by default and can be disabled at the login page. When xat notices a login from a different location, you are required to log in through a link sent to the email account that you used to create your xat account.

This system has been put in place to prevent unauthorized users from gaining access to your account. The special link changes every time you log in, so you don't need to save it. If you randomly receive a login link via e-mail when you have not attempted to log in, you should immediately change your account password.

Please note, before disabling this setting, that a 3-day hold will be placed on your account if you do choose to disable it.

Account Authentication

As an extended layer of protection, xat has integrated Google Authentication. Authentication is not activated by default and must be manually enabled by users. Google Authenticator will generate random codes that will give you access to your account. In order to encourage users to enable this setting and protect their accounts, this has been made a requirement for Tickle power.

See the Authentication article for more information on this feature.

Account Locking

When you have this option enabled, xat will block any login attempts that are not coming from your home location. You can only log in from your home location, no matter what. To enable this setting, you must be at your home location. If you have moved locations or changed your internet service provider (ISP) since you registered, you will need to request a location update via ticket.

Frequently Asked Questions

Q. What happens if I have account locking on and I try to log in to another computer elsewhere?

You will be unable to log in. Make sure to turn off account locking if you are planning to travel or move.

Q. What if I have a dynamic IP; can I still log in with account locking enabled? Will it adjust to my dynamic IP?

In some cases, account locking doesn’t work with dynamic IPs. It depends on how your dynamic IP is setup. It is not recommended to use account locking if you have a dynamic IP.

Q. I am locked out! Now what?

Go to and open a ticket with the Help Topic set to "Locked Out". For a more detailed tutorial on how to do so, please see the Locked out guide.

Q. If I have a laptop, can I always stay logged in?

Account Locking depends on where your location is. If you take your laptop or other device to another location and attempt to login to your account, you will be locked out.

Q. Why am I unable to turn on account locking?

If you moved locations after enabling account locking on your xat account, open a ticket with the Help Topic set to "Location Update".