Secure account access is foundational to any digital asset platform. This document is intended to guide users through the recommended procedures for signing into HTX accounts safely, protecting authentication credentials, and validating official software and web properties. The objective is to reduce account compromise risks — whether from phishing attempts, credential reuse, or device malware.
Authentication best practices
Enforce a unique, high-entropy password that is not reused across other services. Preferably generate passwords using a reputable password manager which also simplifies secure cross-device use. Where possible, enable two-factor authentication (2FA). HTX supports multiple 2FA modalities: time-based one-time passwords (TOTP) through authenticator applications and hardware-backed security keys (FIDO2 / WebAuthn). Hardware keys provide the strongest protection against remote phishing because the private key never leaves the hardware device and a relying party check is performed externally via the browser.
Session safety and device hygiene
Use dedicated browsers for high-value accounts and keep software patched. Avoid logging in from public or unknown devices. If you must use a device you do not own, prefer the HTX mobile apps (when available) and ensure you sign out completely and revoke active sessions. Regularly audit account sessions and authorized applications in the HTX account settings, and immediately revoke any sessions you do not recognize.
Download verification and domain checks
When installing desktop clients or mobile apps, always download from official HTX endpoints. Verify checksums and digital signatures when HTX publishes them; this step ensures the binary you install matches the one released by the vendor. Confirm the URL uses HTTPS and the certificate matches the expected organizational details. Phishing sites may use lookalike domains with minor character substitutions; pay particular attention to the domain name and SSL details.
Recovery and account guardianship
HTX account recovery procedures differ from self-custody wallet recovery. For centralized accounts, maintain updated account recovery information (email address and phone number) and consider enabling withdrawal whitelists, which restrict target addresses for outgoing transfers. For institutional accounts, use multi-user policies, dedicated custody solutions, and segregated role-based access to enforce separation of duties.
Operational security for traders and custodians
Traders managing significant holdings should adopt an operational security (OpSec) approach: use hardware wallets where applicable, distribute assets across cold and hot wallets according to risk tolerance, and restrict API key permissions. Use IP allowlists for APIs and enable granular permissioning for programmatic access. For custodians, implement independent reconciliation processes and monitoring alerts.
Incident response & reporting
If you suspect unauthorized access, immediately change your password, revoke active API keys, and disable withdrawals when possible. Contact HTX support using the official support channels on HTX.com and provide transaction IDs, timestamps, and other forensic details. Keep copies of email threads and be cautious of follow-up communications — HTX will not request full authentication secrets via email or phone.
This template is an educational resource. For precise, up-to-date procedural steps and official downloads, consult HTX’s published documentation on the HTX website and reach out to HTX Support for account-specific assistance.