> ## Documentation Index
> Fetch the complete documentation index at: https://docs.roxom.com/llms.txt
> Use this file to discover all available pages before exploring further.

# How to secure your Roxom account

> Set up Passkey and Authenticator App to protect your account and enable withdrawals.

At Roxom, your security is our top priority. That’s why we require all users to strengthen their accounts with additional protection beyond just an email or Google login.

In this guide, you’ll learn:

* What security methods are available
* Why Passkey is the recommended option
* What actions require extra verification
* How to manage your security settings

***

## Your security setup at Roxom

Your Roxom account starts with **basic access** using **Email login** or **Google Sign-In**.

To **protect your account** and to enable **trading and withdrawals**, you’ll need to add **at least one strong security method**, such as a **Passkey** or an **Authenticator App**.

#### Security methods

* **Email / Google**\
  Your base identity, used for login and general access.
* **Authenticator App**\
  Time-based security codes generated by apps like **Google Authenticator** or **Authy**.
* **Passkey (recommended)**\
  Biometric login (Face ID or fingerprint) saved on your device or in the cloud. **Our strongest and fastest method**.

<Tip>
  ### Recommendation

  For maximum protection, we recommend enabling **both**:

  * **Passkey** (best security + fastest login)
  * **Authenticator App** (extra layer of protection)
</Tip>

## What happens without additional security methods?

If you haven’t configured a **Passkey** or an **Authenticator App**, your account remains vulnerable and limited in functionality.

Here’s what you need to know:

* You **won’t be able to trade or withdraw**
* You **can still receive deposits**, but your account is considered **unprotected**
* Your account will be flagged as having a **low security level**. To unlock all features and properly protect your account, you’ll need to add at least one strong security method.

## Manage your security in one place

From the header, open your **profile menu** and go to [**Security**](https://roxom.com/user/security):

From there, you can:

* View your **current security level**
* Enable, manage or remove your **Passkeys**
* Set up or disable your **Authenticator App (2FA)**

Each action is protected with **step-up verification**, using the strongest method you've configured.

## Passkey: biometric login (recommended)

Passkey is the strongest and most seamless security method available in Roxom. It lets you log in with your fingerprint, face or device PIN, without entering codes.

## How to set up a Passkey

1. From the header, open your **profile menu** and go to [**Security**](https://roxom.com/user/security)
2. Click **Enable Passkey**
3. **Verify your identity** using your strongest available method:
   * **Email OTP** (a one-time code sent to your email), or
   * **Authenticator App code** (TOTP)
4. Choose where to store your Passkey:
   1. **iCloud Keychain**
   2. **Google Password Manager**
   3. **Chrome profile**
   4. **Local device**
5. Once enabled, you’ll see the **Manage Passkey** button.

### Manage your Passkeys

From **Manage Passkey**, you can:

* Add up to **10 Passkeys**
* Rename existing Passkeys
* Delete unused Passkeys

When you add a new Passkey, you can confirm the action using **any existing Passkey**.

### Remove a Passkey

To remove a Passkey, you’ll need to confirm using:

* The **same Passkey**, or
* A fallback: **Email OTP + Authenticator App** (as an additional factor)

<Warning>
  Removing a Passkey triggers a **24-hour withdrawal cooldown**.
</Warning>

***

## Authenticator app

An **Authenticator app** adds an extra layer of security by generating **time-based one-time codes (TOTP)**.

You can use:

* **Google Authenticator**
* **Authy**
* Any other app compatible with **TOTP (Time-based One-Time Passwords)**

### How to set up 2FA

1. Click **Enable Authenticator** in your Security Settings
2. Confirm your identity (OTP, 2FA, or Passkey depending on your setup)
3. Scan the QR code with your app
4. Enter the 6-digit code to activate

### To disable the authenticator app code

* You’ll be asked to verify using **Passkey**
* If you don’t have Passkey, you’ll need to enter **2FA + OTP to your email**. Disabling 2FA triggers a **24-hour withdrawal cooldown**

<Tip>
  **Tip**: Most Authenticator Apps don’t support backup. If you're using one that does (like Authy), great. Otherwise, make sure to securely save the secret key when setting it up.

  This will allow you to recover 2FA access if you lose your phone or app.
</Tip>

## Email (login identity)

Your email is your base login method. You can change it anytime from the Security section.

### To change your email

1. Click **Change Email**
2. Verify with your strongest security method available.
3. Enter your new email and confirm it via OTP

Security rules for email changes:

* Withdrawals will be **paused for 24 hours**
* You can’t reuse a previous email for **30 days**
* You can’t use an email that’s already linked to another account

***

## Final tips

* **Email alone is not enough**. Secure your account now with additional security factors.
* **Enable Passkey first**, then Authenticator App (2FA) for extra protection
* Any sensitive changes (email, 2FA, Passkey) will require strong verification
* If you lose access to your Passkey or 2FA, fallback methods allow recovery if both are set

## Need help?

Still have questions? You can speak to **Roxy**, our AI support assistant, available 24/7 in the chat bubble at the bottom right of your screen.

You can also contact our support team directly at [help@roxom.com](mailto:help@roxom.com).

Looking to recover your account or reset your security methods? Contact our support team at [help@roxom.com](mailto:help@roxom.com) for assistance.

***

## Related articles

<CardGroup cols="2">
  <Card title="Account restrictions: what you need to know" href="/help-center/security-access/account-restrictions-what-you-need-to-know">
    Open article
  </Card>

  <Card title="Impersonation & phishing" href="/help-center/security-guides/impersonation-and-phishing">
    How to verify Roxom communications and avoid phishing.
  </Card>
</CardGroup>
