• Keep your Paxful account secure with 2FA

    Two-factor authentication (2FA) via SMS will no longer be supported starting November 14th, 2022. To secure your account, we highly recommend setting your 2FA up with Google Authenticator (GA) or Authy. Alternatively, although it’s less secure than GA or Authy, you can enable 2FA via email

    If you don’t get the chance to change your settings, starting on November 10, we’ll be sending your codes to your email instead of SMS. For those who use a combination of 2FA via SMS and Google Authenticator or Authy, your codes will be redirected to Google Authenticator or Authy instead.

     

  • What is 2FA?

    Two-factor authentication (2FA) is an additional layer of security where a user provides two different authentication factors to verify themselves. 2FA is often used to protect the user’s credentials, information, and any resources within the system. Only the user can access their specific 2FA alert, which is sent via Authy, Google Authenticator, or email. 

    2FA is a secondary layer of security used to safehold your account. With an authenticator, you receive a code you will need to input to log in to your account or complete any trades. 

    There are several different types of authenticators or 2FA methods you can use. The three options are:

    • Google Authenticator
    • Twilio Authy
    • Email

    To set up 2FA, you’ll need to first set up your security questions in your account settings

     

  • How to Set Up Google Authenticator (GA)

    To set up 2FA with Google Authenticator (GA) follow the steps below:

    Google Authenticator Requirements:

    Setting up Google Authenticator:

    1. Once the GA app is installed, login into your Paxful account on a different device.
    2.  Hover over your username on the top right corner of the page and click Settings_Icon_.png Settings from the menu.
      2FA_profile_menu.png
    3. On the settings menu, click Security_Icon.pngSecurity.
      Security_Menu_.png
    4. On the security page, under Two-factor authentication (2FA) settings, choose Google Authenticator.
      Screen_Shot_2022-11-22_at_12.52.08_PM.png
    5. Click Activate now and a QR code appears.
    6. Scan the QR code with your phone by using the Google Authenticator app. A 6-digit code will appear on the app or you can copy the code for manual setup.
      Screen_Shot_2022-11-22_at_8.07.35_PM.png
    7. Enter the 6-digit code into the field below the QR code. Your code will be automatically submitted once you input the code.
    8. Once your code is automatically submitted, a menu will appear.
      To verify that 2FA via GA is turned on, make sure it says Activated. For more security, check all the toggles under the Enable 2FA column.
      Screen_Shot_2022-11-22_at_8.16.19_PM.png
    9. When all toggles are blue, you’re done! 2FA via Google Authenticator is set up. 

    Note:

    To troubleshoot 2FA via Google Authenticator (GA), visit our help center page.

     

  • How to Enable 2FA with Authy

    To set up 2FA with Twilio Authy follow the steps below: 

    Twilio Authy Requirements:

    Setting up Authy:

    1. Login to your Paxful account on a different device. 
    2.  Hover over your username on the top right of the page and click   Settings_Icon_.png Settings from the menu.

      Paxful_Drop_Down_Menu_.png
    3. On the settings menu, click Security_Icon.pngSecurity
      Security_Menu_.png
    4.  On the security page, under Two-factor authentication (2FA) settings, choose Authy.
      Screen_Shot_2022-11-22_at_12.52.08_PM.png
    5. Click Activate now and a QR code appears.
      Screen_Shot_2022-11-22_at_8.07.35_PM.png

    6. Scan the QR code with your phone by using the Authy app. A 6-digit code will appear on the app or you can copy the code for manual setup.
      Authy_App_Image.jpg
    7. Enter the 6-digit code into the field next to the QR code. Your code will be automatically submitted once you input the code.
    8. Once your code is automatically submitted, a menu will appear.
      To verify that 2FA via Twilio Authy is turned on, make sure it says Activated. For more security, check all the toggles under the Enable 2FA column.
      Screen_Shot_2022-11-22_at_8.16.19_PM.png
    9. When all toggles are blue, you’re done! 2FA via Twilio Authy is set up.
       

      Note:

      To troubleshoot 2FA with Authy, visit our help center page.

       

  • How to Enable 2FA with Email

    To set up 2FA with email, follow the steps below:

    Setting up 2FA with email:

    1. Login to your Paxful account.

    2. Hover over your username on the top right of the page and click on the  Settings_Icon_.png  Settings button.
    2FA_profile_menu.png

    3. In the Settings menu, click on  Security_Icon.pngSecurity.

    Security_Menu_.png

    4. On the Security page, under Two-factor authentication (2FA) settings, choose Email.

    Screen_Shot_2022-10-21_at_12.48.04_PM.png

    5. Click Activate now.

    6. Click on Enable 2FA via email and a menu will appear. 

     Screen_Shot_2022-10-20_at_9.40.28_PM.png

    To verify that 2FA via email is turned on, make sure it says Activated. For more security, check all the toggles under the Enable 2FA column.

    Screen_Shot_2022-10-20_at_9.43.35_PM.png

    7. You’ll receive a code in the email you used to create your Paxful account.

    8. Input the 6-digit code found in the email.

    9. When all the toggles are blue, you’re done! 2FA via email is set up.

     

  • Troubleshooting 2FA

    If you’re having issues receiving a two-factor authentication (2FA) email code or if your Google Authenticator (GA) codes aren’t working, please try the following troubleshooting tips:

    Google Authenticator and Authy

    If your GA codes don’t work, it might be because the time on your Google Authenticator app is not synced correctly with your device. Make sure to check the clock and set it to the correct time zone. An incorrect clock can cause codes to be out of sync.

    Email

    If you’re having issues receiving a 2FA via email code, please check the following:

    • Make sure your inbox is not full. 
    • Make sure emails from Paxful are not going into your spam folder. 
    • Make sure your email is verified on your Paxful account.

    SMS

    2FA via SMS is no longer supported on Paxful. If you had 2FA via SMS enabled, we’ll be sending your codes to your email instead. 

    For those who use a combination of 2FA via SMS and Google Authenticator or Authy, your codes will be redirected to Google Authenticator or Authy instead. 

    If you haven’t been using 2FA via Google Authenticator or Authy or your email is not verified on your Paxful account, please contact our support team to reset your 2FA. 

  • Restoring Access to 2FA

    Having 2FA set on your account significantly improves the security level of your cryptocurrency wallet. However, sometimes you may lose access to your 2FA due to any of the following reasons:

    • Your phone is lost or damaged.
    • The authentication app is deleted.
    • You switch to a new device, and the app with all the codes cannot be transferred to your new device.

    If this happens, click "Trouble logging in?" when you're asked to enter your 2FA code. From there, we'll ask you some questions and we'll see how we can help.

     

  • How to Stay Safe on Paxful

    Your safety on the platform is our top priority at Paxful, so we’ve put together this list of tips and tricks to help keep your account safe. 

    Protect yourself in the trade

    1. Stay in the trade chat.

    • Although there are times when you might need to exit the chat to finish, try not to click on suspicious links that you aren’t familiar with, especially phishing links. 
    • Be cautious of users asking you to cancel a trade or switch over to a different offer link. Keep an eye out for users not following offer guidelines. 
    • Don’t chat outside of Paxful’s trade chat. If your trade ends up in a dispute, our team can’t help resolve the issue since it happened outside of Paxful. 
    • Check if the address on your browser matches https://paxful.com before entering any account details.

    2. Don’t share your personal information. 

    • Don’t share any contact or personal information on the trade chat—users may try to scam you on off-site trades, impersonate you, or show that you have traded with them off-escrow.

    3. Learn how to identify the real Paxful moderators. 

    • It’s important to know that our moderators have specific chat bubbles and signatures to let you know that it’s really us. Here’s what a message from a real Paxful moderator will look like:
      moderator.png

     

    Protecting your Paxful account

    1. Two-factor authentication

    • We highly recommend setting up 2FA as soon as you create your Paxful account. You can set this up in your account settings. Although we recommend using Authy or Google Authenticator for more security, you can also use your email for 2FA.

    2. Security questions

    • We highly recommend setting up your security questions when you create your Paxful account, but you can set them up at any time in your account settings. Be sure to pick questions and answers you won’t forget!

    3. Active sessions

    • We recommend frequently checking all the devices you’re currently logged into. You can check this in the Security tab of your Paxful account. If you don’t recognize a device, click on the “X” to log your account out of that device. If this happens, we recommend changing your password immediately.
      browser.png

     

    Protection measures outside of your Paxful account

    Even when you’re not logged in and actively trading, it’s important to keep your Paxful account and systems safe. 

    1. Email and passwords

    • Creating passwords. When creating a password, make sure to use a combination of upper and lower case letters, numbers, and special characters.
    • Don’t use the same passwords. It’s essential to have different passwords for your email and your Paxful account. This is because hackers usually target your emails. In a worst-case scenario, if a hacker gets access to your email, they’ll be able to access the funds in your Paxful Wallet.
    • Never share your password. Be cautious of users asking for sensitive information like your password in the trade chat. The Paxful team will NEVER ask for your password or other sensitive account information. If you’re in a dispute and our moderators ask you to provide a screenshot or a video as proof, make sure your passwords are not visible. 
    • Protect your email address. Make sure you protect the email address connected to your Paxful account and don’t share it in a trade chat. Your email is a gateway to your account so be sure to keep it to yourself.
    • Be cautious of SMS messages and emails from unfamiliar senders. Don’t interact with suspicious emails, give away sensitive data, or click on any links that seem suspicious. For additional information see: I have received a suspicious email. Is it from Paxful?

    2. Computer health checklist

    • Keep your systems up to date. This includes your computer, smartphone, browser, and other software.
    • Don’t download anything unnecessary. Additionally, if you don’t know the developer or aren’t sure if you trust it, don’t download the software or program.
    • Use officially-licensed software. Make sure you’re using software that is trusted and licensed. Remember to keep these programs up to date as well. This includes antivirus, anti-malware, personal firewall programs, etc.

    3. Use secure networks

    • Make sure you’re using trusted and secure Wi-Fi and networks—preferably a wired connection or a network with a password.

     

    •  
    •  
    •  
  • Setting Security Questions

    Security questions are an essential part of protecting your account on Paxful. Security questions help to restore access to your account in case you lose it. Follow these steps to configure your security questions.

    1. Log in to your Paxful account, hover over your username on the top right of the page and click Settings from the context menu that appears.
    Email_verification_1_2_copy.png
    The Settings page appears.
    2. On the menu on the left, click SET SECURITY QUESTIONS.
    Questions2.png

    Set your security questions dialog box appears.
    3. Click the Set answers link.
    Questions3.png
    The Set answers dialog box appears.
    4. Select 3 security questions from drop-down lists. Type the corresponding answers into the fields under the questions.
    Questions4.png

    Warning: Double-check your answers and ensure that you remember them. In case of necessity, you must provide answers to these questions exactly as they were written in the fields. If you forget your answers, this will make the process of restoring access to your account more difficult.

    Tip: When choosing answers for your security questions, consider using information that cannot be found on your social media profiles. For example, do not answer the question “who was your best friend in school?” with a person's name but consider using his nickname instead.

     5. Click Save.
    Questions5.png
    Your security questions are set. You are redirected to return to the Account settings page.


    For additional information on how to secure your account, check our security guide.

  • What Should I Do if Someone Logged Into My Account?

    If you think someone has gained access to your account or you suspect that your login details have been compromised, then you must take care of a few things even before contacting support. Enabling 2-Factor Authentication is a good way to prevent this from ever happening. But, in the case of such a mishap, here’s what you can do:

    If someone logged into your account but you still have access to it.

    Do one of the following:

      1. Usually, whenever there is a new or unexpected login on your account, we immediately notify you via email with a link to report to lock your account if you suspect intrusion. So just click the link in the email. Your account is locked immediately and all sessions are terminated. The faster you act, the higher the chances of saving your BTC. Next, contact support to restore access to your account. After, take steps to protect your account
      2. Alternatively, while logged in to your account, simply proceed with the following steps.

    Steps to protect your account:

    1. Change your password to something secure (a password that you have NOT USED on other sites or emails). Try to make your password as complex as possible, but at the same time be sure to remember it.
    2. Check to ensure that none of your other settings such as your email or phone number were changed. If they were changed to something you don’t recognize, change them back.
    3. Go to your active sessions (Settings > Security > Active Sessions) and log out all sessions by clicking the Close icon next to them.
    4. Log out of your account.
    5. Log back in using your new password.
    6. Download Google Authenticator(iPhone/Android) or Authy (Mac/Windows).
    7. Turn on 2FA on Paxful and scan the code with your phone. Remember to turn 2FA on for BOTH login and sending out as it will make your transactions more secure. We recommend using Google Authenticator or Authy over SMS 2FA as it is more secure. Just bring up the app and get the code every time you want to log in or send crypto.
    8. Set your security questions and write them somewhere. You’ll need them if you ever lose your phone and need to reset your 2FA.

    Note:

    • If the support team can trace the hacker and recover any funds, we will contact you. Hackers often cover their actions very well and it is not possible to track them down to reverse cryptocurrency transactions.
    • It is advised that you change passwords to any other accounts you have online as hackers normally gain access by getting into your email or other accounts. 

    If you can’t log in to your account:

    1. Contact support and provide all the information required by our support agents. Once it’s verified that you are the account owner, inform support that you need an ACCOUNT LOCKDOWN. Support Team will see if there is enough data to prove you are not a hacker (and will try to give you access to your own account). Once it is verified that you are the victim and rightful account owner, account access will be restored.
    2. Once you log in, secure your account immediately.

    How did this happen and how can I prevent it from happening again?

    To prevent this from happening again, we suggest that you don’t use the same password across websites and that you have 2FA with Google Authenticator enabled.

    At Paxful, we are constantly improving our security processes to keep your funds as safe as possible.

    So where did the cryptocurrency go?

    • Check your account activity to see who logged into your account. Take note of their IP address.
    • Check your wallet ledger to see the cryptocurrency address they sent your coins to.

    With the cryptocurrency address and the IP address of the thief, you have some information but it is often impossible to track them down. Our support team does not have the resources to help you investigate further because hackers often use VPNs and also due to the general anonymity of cryptocurrency. It is nearly impossible to track them down, so try your best to make your account as secure as possible.

  • I Received a Suspicious Email or Link. Is it from Paxful?

    Did you receive an email or social media message from Paxful that looks suspicious? You may be a target of phishing, a cybercrime where someone poses as a legitimate company or government entity to obtain victims' personal information. 

    The most important thing is that you do not click on any links or download any attachments from the message that you received. These links and attachments can damage your device, and your data can potentially be exposed to thieves. 

    First and foremost, you'll want to report the message to our Support team. When you reach out to us, be sure to include all of the information from the emails or messages to help us investigate where it originated from. Reporting it in detail will also help us prevent other members from being targeted by these attempts.

    Information Paxful will never request

    We will never request the following information:

    • Your full credit card number, banking information, or other financial details
    • Your Paxful password
    • Your one-time two-factor authentication (2FA) code
    • Click a link to receive funds, verify info, and release or cancel the trade when you are already logged in (you can do that yourself on Paxful)

    We also won't send you links asking you to click to receive funds, verify your information, or release or cancel a trade when you're already logged in.

    Please report it to us immediately if you receive a message requesting any of the above information.

    How to spot a phishing link:

    While scammers change their tactics frequently, look for these classic signs of a phishing or spoofing attempt:

    • Make sure there are no spaces in the link provided.
    • There are no URLs inside pictures.
    • There are no links with/attached to QR codes 
    • We recommend you be very cautious with file-sharing links. These can lead to malware or hacking.
    • There is no ‘Whatsapp’ or other messengers inside pictures.
    • You receive emails or messages with .html attachments.
    • Also, keep your trades in Paxful. These links can be shared off-escrow without detection.

    How to spot a phishing email or chat message:

    While scammers change their tactics frequently, look for these classic signs of a phishing or spoofing attempt:

    • The user requests for your bank account, username, password, social security number, or identity. 
    • A claim is made that your account is compromised. In such cases, we may send only automated messages from “no-reply” email addresses.
    • You receive an unsolicited email with a link to verify your account information.
    • There are typos in the email address. It’s common to see something like [email protected]ppaxful.com.
    • You receive suspicious links that don’t lead to www.paxful.com. Before you enter your login information or click on a link, double-check the URL by copying it into your address bar without pressing Enter.
    • You receive emails that mimic our design. These emails aim to distract you from any typos in the email address or website links by using pictures and colors similar to our platform.

    Ways to Protect Yourself from Phishing Scams: 

    • Always report any suspicious activity to our Support team.
    • Check that a link, email, or message is actually from Paxful.com. We communicate using several social channels:
    • Do not click on any links, downloads, or attachments from questionable messages and emails.

     

    For more information on how to protect your account see our security guide.

  • I Forgot My Password

    To reset your password when you are not signed in to your Paxful account: 

    1. Click Log in button on the home page
    log_in.png
    2. Click “Forgot password?
    Forgot_Password.png
    3. Enter your phone number or email address and then click Request new password
    request_new_password.png

    From there, you'll receive an email from us with a link to reset your password. If you have 2FA enabled, you will be asked to input the 2FA code to complete your password reset request.


    Note:
     

    • If you received a password reset link via email, the link is valid for 60 minutes.
    • If you requested an email link multiple times, use the latest link you received.

    See our security guide for additional information on improving the safety of your account. You can also check how to change the password in your profile settings.

  • Changing Password from Profile Settings

    If you know your current password and can access your account, you can reset your Paxful password right from your account security settings!

    To change your password while logged into your Paxful account on the website:


    1. Hover over your username at the top right of the page and click Settings from the menu that appears.
    2. On the Settings page, click Security in the menu on the left side of the page.
    3. In the Change password section, complete the following fields:
    ResetPassword.png

    Field Name Description Comments
    Current Enter your current password. If you don't remember your current password, you cannot use this method to change it.
    Enter a new password Enter a new password. Your new password must :
    Be at least 6 characters long
    Have one lower case character
    Have one special character (@#* etc.)
    Have one number
    Have one uppercase character
    Verify password Re-enter the new password. The password should be the same as entered in the previous field.

    4. Click Change password.
    Your password reset is complete. You'll be logged out of the website and any other active sessions you're using. You'll also be logged out of the app. You'll need to log in again with your new password. You'll also receive an email from [email protected] confirming your password change.

    See our security guide for additional information on improving the safety of your account. If you do not remember your password, click here.