Security Features

security & account management account protection best practices protecting your sagemaster account and associated exchange accounts is crucial when trading digital assets follow these best practices to secure your investments strong password practices create unique passwords use a different strong password for sagemaster and each exchange length and complexity aim for at least 12 characters with a mix of uppercase, lowercase, numbers, and symbols avoid personal information don't use birthdays, names, or other easily guessable information update regularly change your passwords every 3 6 months consider a password manager tools like lastpass, 1password, or bitwarden can help generate and store strong passwords enable two factor authentication (2fa) always enable 2fa on both sagemaster and your connected exchanges use authenticator apps (like google authenticator or authy) instead of sms where possible store backup codes in a secure location for detailed 2fa setup instructions, see our 2fa setup guide api key security never share your api keys with anyone only grant the necessary permissions (read only when possible) enable ip restrictions when available regularly audit and rotate your api keys for more information, review our api key management guide device security keep your operating system and browsers updated use antivirus/anti malware software and keep it updated be cautious when using public wi fi networks (consider a vpn) lock your devices when not in use only download trading applications from official sources phishing prevention always verify website urls before entering credentials sagemaster will never ask for your private keys or exchange api secrets be suspicious of emails requesting account information check for ssl certificates (https //) before logging in bookmark official sites instead of using links from emails account monitoring regularly review account activity and trading history enable notifications for account logins and transactions report suspicious activity immediately periodically audit connected applications and api keys recovery options set up account recovery options (email, phone) store backup codes for 2fa in a secure, offline location consider using a hardware wallet for long term crypto storage document your recovery processes in a secure location 2fa setup guide two factor authentication adds an essential extra layer of security to your sagemaster account navigate to settings find the 2fa option in your account settings choose your 2fa method email receive codes via your registered email authenticator app generate codes on your mobile device setting up email 2fa select the email option verify your email address you'll receive a verification code each time you log in setting up authenticator app 2fa download a compatible authenticator app (google authenticator, authy, etc ) scan the provided qr code with your app enter the generated code to complete setup default 2fa method set your preferred method as default backup codes save your backup codes in a secure location recovery process if you lose access to your 2fa device use your backup codes contact support with account verification details more info https //docs sagemaster io/account management/2fa api key management managing your exchange api keys properly is critical for algorithmic trading security creating secure api keys create separate api keys for different purposes (trading, monitoring) use descriptive labels to identify keys easily only enable necessary permissions (avoid withdrawal permissions if not needed) use ip restrictions when possible to limit access to specific locations api key permissions guide different permission levels serve different purposes read only best for portfolio tracking and monitoring trading required for executing trades via sagemaster withdrawal typically not needed for automated trading (highest risk) monitoring and rotating api keys regularly review active api keys rotate keys every 3 6 months immediately revoke any keys you suspect may be compromised document which platforms use which keys exchange specific api security features many exchanges offer additional security features ip whitelisting limit api access to specific ip addresses key restrictions limit trading to specific pairs time based restrictions set keys to expire after a certain period trading limits set maximum order sizes troubleshooting api connections common issues with api connections include incorrect api key or secret entry insufficient permissions ip restriction conflicts exchange maintenance or outages "security is not a product, but a process " bruce schneier happy trading, the sagemaster team