Skip to main content

Account Security

Your account security settings and tips to stay protected.

Two-Factor Authentication (2FA)

The single best thing you can do for security.

What Is It?

After entering your password, you'll need a second code from your phone. Even if someone steals your password, they can't get in without your phone.

How to Enable

  1. Go to Settings → Security
  2. Click Enable Two-Factor Authentication
  3. Choose your method:
    • Authenticator App (recommended) — Google Authenticator, Authy
    • SMS — Text message codes
  4. Follow the setup steps
  5. Save your backup codes!
Save Your Backup Codes

When you enable 2FA, you get 10 backup codes. Save these somewhere safe (password manager, printed in a secure location). If you lose your phone, these are your only way back in.

Password Best Practices

If you signed up with email:

Good Passwords

  • ✅ At least 12 characters
  • ✅ Mix of letters, numbers, symbols
  • ✅ Unique (not used anywhere else)
  • ✅ Consider a passphrase: correct-horse-battery-staple

Bad Passwords

  • ❌ Short (under 10 characters)
  • ❌ Common words: password123
  • ❌ Personal info: birthday, pet name
  • ❌ Reused from other sites

Password Managers

Use one! They generate and remember strong unique passwords for every site.

Popular options:

  • 1Password
  • Bitwarden (free)
  • LastPass
  • Apple Keychain / Google Password Manager

Session Management

See Active Sessions

View everywhere you're logged in:

  1. Go to Settings → Security → Active Sessions
  2. See all devices and locations
  3. Click Revoke on any you don't recognize

Automatic Logout

Sessions expire after 30 days of inactivity. Sensitive actions (like changing your password) require re-authentication.

Lost Your Phone?

  1. Log in on another device
  2. Go to Settings → Security → Active Sessions
  3. Revoke the session from your lost phone
  4. Consider changing your password just in case

Login Notifications

We email you when:

  • ✉️ Someone logs in from a new device
  • ✉️ Your password is changed
  • ✉️ 2FA is enabled or disabled
  • ✉️ A new bank account is connected

If you get a notification you don't recognize, change your password immediately.

Connected Apps

View and manage apps connected to your account:

  1. Go to Settings → Security → Connected Apps
  2. See what has access
  3. Revoke any you don't use

Security Checklist

How secure is your account? Check these off:

  • Strong, unique password
  • Two-factor authentication enabled
  • Backup codes saved securely
  • Login notifications turned on
  • Active sessions reviewed recently
  • Recovery email/phone up to date

If Something Goes Wrong

Suspicious Activity?

  1. Change your password immediately
  2. Enable 2FA if you haven't
  3. Revoke all sessions
  4. Email security@antfinance.app

Locked Out?

  1. Try "Forgot Password" on the login page
  2. Use a backup code if you have 2FA
  3. Email ant@antfinance.app with proof of identity

Think You've Been Hacked?

  1. Change your password NOW
  2. Revoke all sessions
  3. Check for unauthorized bank connections
  4. Contact us immediately at security@antfinance.app

We respond to security issues within 24 hours.