Why secure access matters
Your online wallet contains more than a balance — it represents access to real value, identity, and control over digital assets. Whether you're using a major custodial service or a personal wallet, unauthorized access can result in financial loss and irreversible transfers. Prioritizing secure login practices reduces risk and gives you confidence when transacting.
Use the official channel
Always access your account through the official Uphold website or the official mobile app. Do not follow links sent via unsolicited email or social media messages. If you receive a suspicious link claiming to be a login page, navigate manually to the service by typing the known domain into your browser or using the official app store listing for mobile apps.
Enable multi-factor authentication (MFA)
Turn on multi-factor authentication (MFA) immediately. MFA adds a second layer of verification—usually a code from an authenticator app or SMS (authenticator apps are preferred). With MFA enabled, attackers who obtain your password alone will still be blocked. Use an authenticator app (TOTP), hardware security key (such as a YubiKey), or push-based MFA when available.
Create a strong, unique password
Use a long passphrase or a randomly-generated password for each service. Password managers make it easy to store and recall unique credentials. Avoid reusing passwords across multiple services. Consider using a passphrase of several unrelated words or a reputable password generator built into your password manager.
Recognize common scams
Scammers often pressure you to "verify" or "restore access" urgently. They may mimic support language, claim that funds are at risk, or request private keys, seed phrases, or one-time codes. Legitimate support will never ask for your password, seed phrase, or full MFA codes. If in doubt, contact official support using contact options on the service’s verified site.
Protect backup and recovery details
Keep seed phrases and private keys offline and secure. Never type them into a website or share them with anyone. Store backups in a safe place — ideally physically separated copies in secure locations. If a service offers recovery options tied to email or phone, make sure those accounts are protected by strong authentication as well.
Keep software up to date
Keep your browser, operating system, and mobile apps updated to get the latest security patches. Use reputable browsers and enable automatic updates where possible. Avoid using outdated plugins or extensions that could intercept or alter web pages.
Check for secure connections
When signing in, verify the browser shows a secure connection (a padlock icon) and that the domain name is correct. HTTPS is not a guarantee of legitimacy by itself, but it protects against passive interception of traffic. For high-value operations, consider using dedicated, hardened devices.
Regularly review account activity
Periodically review recent activity, authorized devices, and connected third-party apps. Revoke access for unknown devices and remove permissions for third-party services you do not use. Keeping a close eye on account activity helps you spot unauthorized access early and take corrective action.
What to do if you suspect compromise
If you suspect your account is compromised, immediately change your password, revoke active sessions, and contact official support. If funds have been moved, document transactions and reach out to support quickly — some services may have steps to freeze or monitor suspicious activity. Notify any linked email or financial accounts and, where appropriate, law enforcement.
This guide is educational and does not replace official documentation. For account-specific help, always consult official support channels.