Skip to main content
At Roxom, your security is our top priority. That’s why we require all users to strengthen their accounts with additional protection beyond just an email or Google login. In this guide, you’ll learn:
  • What security methods are available
  • Why Passkey is the recommended option
  • What actions require extra verification
  • How to manage your security settings

Your Security Setup at Roxom

Your Roxom account starts with basic access using Email login or Google Sign-In. To protect your account and to enable trading and withdrawals, you’ll need to add at least one strong security method, such as a Passkey or an Authenticator App.

Security methods

  • Email / Google
    Your base identity — used for login and general access.
  • Authenticator App
    Time-based security codes generated by apps like Google Authenticator or Authy.
  • Passkey (recommended)
    Biometric login (Face ID / fingerprint) saved on your device or in the cloud — our strongest and fastest method.

Recommendation

For maximum protection, we recommend enabling both:
  • Passkey (best security + fastest login)
  • Authenticator App (extra layer of protection)

What Happens Without Additional Security Methods?

If you haven’t configured a Passkey or an Authenticator App, your account remains vulnerable and limited in functionality. Here’s what you need to know:
  • You won’t be able to trade or withdraw
  • You can still receive deposits, but your account is considered unprotected
  • Your account will be flagged as having a low security level To unlock all features and properly protect your account, you’ll need to add at least one strong security method.

Manage Your Security in One Place

Go to Account > Security to:
  • View your current security level
  • Enable, manage or remove your Passkeys
  • Set up or disable your Authenticator App (2FA)
Each action is protected with step-up verification, using the strongest method you’ve configured. Passkey is the strongest and most seamless security method available in Roxom. It lets you log in with your fingerprint, face or device PIN — without entering codes.

How to set up a Passkey

  1. Go to Account → Security
  2. Click Enable Passkey
  3. Verify your identity using your strongest available method:
    • Email OTP (a one-time code sent to your email), or
    • Authenticator App code (TOTP)
  4. Choose where to store your Passkey:
    1. iCloud Keychain
    2. Google Password Manager
    3. Chrome profile
    4. Local device
  5. Once enabled, you’ll see the Manage Passkey button.

Manage your Passkeys

From Manage Passkey, you can:
  • Add up to 10 Passkeys
  • Rename existing Passkeys
  • Delete unused Passkeys
When you add a new Passkey, you can confirm the action using any existing Passkey.

Remove a Passkey

To remove a Passkey, you’ll need to confirm using:
  • The same Passkey, or
  • A fallback: Email OTP + Authenticator App (as an additional factor)
Removing a Passkey triggers a 24-hour withdrawal cooldown.

Authenticator App

An Authenticator App adds an extra layer of security by generating time-based one-time codes (TOTP). You can use:
  • Google Authenticator
  • Authy
  • Any other app compatible with TOTP (Time-based One-Time Passwords)

How to set up FA:

  1. Click Enable Authenticator in your Security Settings
  2. Confirm your identity (OTP, FA, or Passkey depending on your setup)
  3. Scan the QR code with your app
  4. Enter the 6-digit code to activate

To disable Authenticator App code:

  • You’ll be asked to verify using Passkey
  • If you don’t have Passkey, you’ll need to enter 2FA + OTP to your email Disabling 2FA triggers a 24-hour withdrawal cooldown
Tip: Most Authenticator Apps don’t support backup. If you’re using one that does (like Authy), great. Otherwise, make sure to securely save the secret key when setting it up.This will allow you to recover FA access if you lose your phone or app.

Email (Login Identity)

Your email is your base login method. You can change it anytime from the Security section.

To change your email:

  1. Click Change Email
  2. Verify with your strongest security method available.
  3. Enter your new email and confirm it via OTP
Security rules for email changes:
  • Withdrawals will be paused for 24 hours
  • You can’t reuse a previous email for 30 days
  • You can’t use an email that’s already linked to another account

Final Tips

  • Email alone is not enough — secure your account now with additional security factors.
  • Enable Passkey first, then Authenticator App (FA) for extra protection
  • Any sensitive changes (email, 2FA, Passkey) will require strong verification
  • If you lose access to your Passkey or 2FA, fallback methods allow recovery if both are set

Need help?

For questions about your security settings, or if something doesn’t look right, you can always talk to Roxy, our support assistant. You’ll find Roxy in the chat bubble at the bottom right of your screen.Looking to recover your account or reset your security methods? Read our guide on how to regain access to your account

Account Restrictions: What You Need to Know

Open article

Beware of phishing scams

Open article