1. Noones Help Center
  2. Account
  3. Account Security

Account Security

  • Keep your Noones account secure with 2FA

    Two Factor Authentication (2FA) is an additional layer of security where the user must verify that they own the account with a code. 2FA is often used to protect the user’s credentials, information, and any resources within the system. Only the user can access their specific 2FA code, which you can get via Authy, Google Authenticator, or Email. 

    To secure your account, we highly recommend setting up your 2FA. Here are the different types of authenticators or 2FA methods you can use:

    Reminder: Before setting up your 2FA, you’ll need to set up your security questions in account settings first.

  • How to Enable 2FA with Google Authenticator (GA)

    Google Authenticator is an application that implements two-step verification services for our users as an added layer of security. It uses a time-based one-time password algorithm and HMAC-based one-time password algorithm for authenticating users of mobile applications by Google.

    To set up 2FA with Google Authenticator (GA) follow the steps below:

    • Download the GA app
    • Once the GA app is installed, login into your Noones account on a different device
    • Hover over your username on the top right corner of the page and click Settings from the menu
    • On the settings menu, click Security
    • On the security page, under Two-factor authentication (2FA) settings, choose Google Authenticator
    • Click Activate now and a QR code appears
    • Scan the QR code with your phone by using the Google Authenticator app. A 6-digit code will appear on the app or you can copy the code for manual setup.
    • Enter the 6-digit code into the field below the QR code. Your code will be automatically submitted once you input the code.
    • Once your code is automatically submitted, a menu will appear.
      • To verify that 2FA via GA is turned on, make sure it says Activated
      • For more security, check all the toggles under the Enable 2FA column
    • When all toggles are blue, you’re done! 2FA via Google Authenticator is set up

    Note:

    To troubleshoot 2FA via Google Authenticator (GA), visit our help center page.

     

  • How to Enable 2FA with Authy

    Enabling Two-Factor Authentication (2FA) can greatly enhance your account security. We recommend using Authy as it's more secure.

    To set up 2FA with Authy follow the steps below: 

    • Download the Authy app
    • Login to your Noones account on a different device
    • Hover over your username on the top right corner of the page and click Settings from the menu
    • On the settings menu, click Security
    • On the security page, under Two-factor authentication (2FA) settings, choose Authy
    • Click Activate now and a QR code appears
    • Scan the QR code with your phone by using the Authy app. A 6-digit code will appear on the app or you can copy the code for manual setup
    • Enter the 6-digit code into the field next to the QR code. Your code will be automatically submitted once you input the code
    • Once your code is automatically submitted, a menu will appear
      • To verify that 2FA via Twilio Authy is turned on, make sure it says Activated
      • For more security, check all the toggles under the Enable 2FA column
    • When all toggles are blue, you’re done! 2FA via Authy is set up

    Note:

    To troubleshoot 2FA with Authy, visit our help center page.

  • How to Enable 2FA with Email

    To set up 2FA with email, follow the steps below:

    • Login to your Noones account
    • Hover over your username on the top right corner of the page and click on the Settings button
    • On the settings menu, click on Security
    • On the Security page, under Two-factor authentication (2FA) settings, choose Email
    • Click Activate now
    • Click on Enable 2FA via email and a menu will appear
      • To verify that 2FA via email is turned on, make sure it says Activated
      • For more security, check all the toggles under the Enable 2FA column.
    • You’ll receive a code in the email you used to create your Noones account
    • Input the 6-digit code found in the email
    • When all the toggles are blue, you’re done! 2FA via email is set up
  • Troubleshooting 2FA

    Have problems with your two-factor authentication (2FA)? Here's how to troubleshoot 2FA via Google Authenticator (GA), Authy, or Email. 

    Google Authenticator (GA) and Authy

    If your GA/Authy codes don’t work, it might be because the time on your Google Authenticator app is not synced correctly with your device. Make sure to check the clock and set it to the correct time zone. An incorrect clock can cause codes to be out of sync.

    Email

    If you’re having issues receiving 2FA codes via email, please check the following:

    • Make sure your inbox is not full
    • Make sure emails from Noones are not going into your spam folder
    • Make sure your email is verified on your Noones account
    Note: If none of the mentioned steps worked, you can reset your 2FA by following the steps here or contact our support team. 
  • How to reset 2FA

    Setting up 2FA on your account significantly improves your wallet security, but sometimes you may lose access to your 2FA due to:

    • Your phone is lost or damaged
    • The authentication app is deleted
    • You switched to a new device and the app with all the codes cannot be transferred to your new device

    If this happens, click "Trouble logging in?" when you're asked to enter your 2FA code. From there, we'll ask you some questions and we'll see how we can help.

  • How to Stay Safe in Noones

    Your safety is a big priority for us, so we’ve put up this list of tips and tricks to help you keep your account safe.

    Protect yourself in the trade

    • Stay on the trade chat
      • Although there are times when you might need to exit the chat to finish, try not to click on suspicious links that you aren’t familiar with, especially phishing links. 
      • Be cautious of users asking you to cancel a trade or switch over to a different offer link. Keep an eye out for users not following the offer guidelines. 
      • Don't trade outside of Noones. If your trade ends up in a dispute, our team can’t help resolve the issue since it happened outside of Noones. 
      • Check if the address on your browser matches https://noones.com before entering any account details.
    • Don’t share your personal information
      • Don’t share any contact or personal information on the trade chat—users may try to scam you on off-site trades, impersonate you, or show that you have traded with them off-escrow.
    • Learn how to identify the real Noones moderators
      • It’s important to know that our moderators have specific chat bubbles and signatures to let you know that it’s really us.

    Protecting your Noones account

    • Two-factor authentication
    • Security questions
      • We highly recommend setting up your security questions when you create your Noones account in the account settings page. Be sure to pick questions and answers you won’t forget!
    • Active sessions
      • We recommend frequently checking all the devices you’re currently logged into. You can check this in the Security tab of your Noones account. If you don’t recognize a device, click on the “X” button to log out your account from that device. If this happens, we recommend changing your password immediately.

    Protection measures outside of your Noones account

    Even when you’re not logged in and actively trading, it’s important to keep your Noones account and systems safe. 

    • Email and passwords
      • Creating passwords. When creating a password, make sure to use a combination of upper and lower case letters, numbers, and special characters.
      • Don’t use the same passwords. It’s essential to have different passwords for your email and your Noones account. This is because hackers usually target your emails. In a worst-case scenario, if a hacker gets access to your email, they’ll be able to access the funds in your Noones Wallet.
      • Never share your password. Be cautious of users asking for sensitive information like your password in the trade chat. The Noones team will NEVER ask for your password or other sensitive account information. If you’re in a dispute and our moderators ask you to provide a screenshot or a video as proof, make sure your passwords are not visible. 
      • Protect your email address. Make sure you protect the email address connected to your Noones account and don’t share it in a trade chat. Your email is a gateway to your account so be sure to keep it to yourself.
      • Be cautious of SMS messages and emails from unfamiliar senders. Don’t interact with suspicious emails, give away sensitive data, or click on any links that seem suspicious. For additional information see: I have received a suspicious email. Is it from Noones?
    • Computer health checklist
      • Keep your systems up to date. This includes your computer, smartphone, browser, and other software.
      • Don’t download anything unnecessary. Additionally, if you don’t know the developer or aren’t sure if you trust it, don’t download the software or program.
      • Use officially-licensed software. Make sure you’re using a software that is trusted and licensed. Remember to keep these programs up to date as well. This includes antivirus, anti-malware, personal firewall programs, etc.
    • Use secure networks
      • Make sure you’re using a trusted and secure Wi-Fi and networks—preferably a wired connection or a network with a password.
  • Setting-up Security Questions

    Security questions help protect your account and restore access in case you lose it. Follow these steps to configure your questions.

    • Log in to your Noones account
    • Hover over your username on the top right corner of the page and click Settings from the context menu that appears
    • On the menu on the left, click SET SECURITY QUESTIONS
    • Click the Set answers link
    • Select 3 security questions from drop-down lists. Type the corresponding answers into the field under the questions

    Warning: Double-check your answers and ensure that you remember them. If necessary, you must provide answers to these questions exactly as they were written in the field. If you forget your answers, this will make the process of restoring access to your account more difficult.

    Tip: When choosing answers for your security questions, consider using information that cannot be found on your social media profiles. For example, do not answer the question “who was your best friend in school?” with a person's name but consider using his nickname instead.

    • Click Save, and you will be redirected to return to the Account settings page

    For additional information on how to secure your account, check our security guide.

  • What Should I Do if Someone Logged Into My Account?

    If you think someone has gained access to your account or suspect that login details have been compromised, here’s what you can do:

    Someone logged into your account but you can still access it

    Someone logged into your account and you can't access it

    Steps to protect your account

    So where did the cryptocurrency go?

    How did this happen and how can I prevent it from happening again?

    Someone logged into your account but you can still access it

    Usually, whenever there is a new or unexpected login on your account, we immediately notify you via email. If you suspect intrusion, contact support to restore access to your account, and take necessary steps to protect your account

    Alternatively, you can proceed with the following steps while logged in if you don't want to lock your account. 

    Someone logged into your account and you can't access it

    • Contact support and provide all the information required by our support team. Once account ownership is verified, our team will see if there is enough data to prove you are the real account owner. Once we verify that you are the victim and the rightful account owner, account access will be restored
    • Once you log in, secure your account immediately.

    Steps to protect your account:

    • Change your password to something secure (a password that you have NOT USED on other sites or emails). Try to make your password as complex as possible, but at the same time be sure to remember it.
    • Check to ensure that none of your other settings such as your email or phone number were changed. If they were changed to something you don’t recognize, change them back.
    • Go to your active sessions (Settings > Security > Active Sessions) and log out all sessions by clicking the Close icon next to them.
    • Log out of your account.
    • Log back in using your new password.
    • Download Google Authenticator(iPhone/Android) or Authy (Mac/Windows).
    • Turn on 2FA and scan the code with your phone. Remember to turn on 2FA for BOTH login and sending out as it will make your transactions more secure. We recommend using Google Authenticator or Authy as it is more secure. Just bring up the app and get the code every time you want to log in or send crypto.
    • Set your security questions and write them somewhere. You’ll need them if you ever lose your phone and need to reset your 2FA.

    Note:

    • If the support team can trace the hacker and recover any funds, we will contact you. Hackers often cover their actions very well and it is not possible to track them down to reverse cryptocurrency transactions.
    • It is advised that you change passwords to any other accounts you have online as hackers normally gain access by getting into your email or other accounts. 

     

    So where did the cryptocurrency go?

    • Check your account activity to see who logged into your account. Take note of their IP address.
    • Check your wallet ledger to see the cryptocurrency address they sent your coins to.

    With the cryptocurrency address and the IP address of the thief, you have some information but it is often impossible to track them down. Our support team does not have the resources to help you investigate further because hackers often use VPNs and also due to the general anonymity of cryptocurrency. It is nearly impossible to track them down, so try your best to make your account as secure as possible.

    How did this happen and how can I prevent it from happening again?

    To prevent this from happening again, we suggest that you don’t use the same password across websites and that you have 2FA enabled.

    At Noones, we are constantly improving our security processes to keep your funds as safe as possible.

  • I Received a Suspicious Email or Link — Is it from Noones?

    If you received a suspicious link or message from any entity claiming to be associated with us, report it ASAP to our support team. You may be a target of phishing, a cybercrime where someone poses as a legitimate company or government entity to obtain victims' personal information. 

    The most important thing is that you do not click on any links or download any attachments from the message that you received. These links and attachments can damage your device and your data can potentially be exposed to thieves. 

    First and foremost, you'll want to report the message to our Support team. When you reach out to us, be sure to include all of the information from the emails or messages to help us investigate where it originated from. Reporting it in detail will also help us prevent other members from being targeted by these attempts.

    Information Noones will never request:

    • Your full credit card number, banking information, or other financial details
    • Your Noones password
    • Your one-time two-factor authentication (2FA) code
    • Click a link to receive funds, verify info, and release or cancel the trade when you are already logged in (you can do that yourself in Noones)

    Please report it to us immediately if you receive a message requesting any of the above information.

    How to spot a phishing link:

    While scammers change their tactics frequently, look for these classic signs of phishing or spoofing attempt:

    • Make sure there are no spaces on the link provided
    • There are no URLs inside the pictures
    • There are no links attached to QR codes
    • We recommend you to be very cautious with file-sharing links. These can lead to malware or hacking.
    • There is no ‘Whatsapp’ or other messengers inside the pictures
    • Emails or messages with .html attachments

    These links can be shared off-escrow without detection, so always keep your trades in Noones.

    How to spot a phishing email or chat message:

    While scammers change their tactics frequently, look for these classic signs of a phishing or spoofing attempt:

    • The user requests for your bank account, username, password, social security number, or identity
    • A claim is made that your account is compromised; In such cases, we only send automated messages from “no-reply” email addresses
    • Unsolicited email with a link to verify your account information
    • There are typos in the email address. It’s common to see something like "support@nnoones.com"
    • Suspicious links that don’t lead to www.noones.com. Before you enter your login information or click on a link, double-check the URL by copying it into your address bar without pressing Enter
    • You receive emails that mimic our design. These emails aim to distract you from any typos in the email address or website links by using pictures and colors similar to our platform.

    Ways to Protect Yourself from Phishing Scams: 

    • Always report any suspicious activity to our Support team.
    • Check if the link, email, or message is actually from Noones.com. We communicate using our official social channels:
    • Do not click on any links, downloads, or attachments from questionable messages and emails.

    For more information on how to protect your account see our security guide.

  • Password Reset

    I want to change my password

    I forgot my password

    I want to change my password:

    If you know your current password and can access your account, you can reset your password right from your account security settings. To change your password while logged into your Noones account on the website:

    • Hover over your username at the top right corner of the page and click Settings from the menu that appears.
    • On the Settings page, click Security
    • On the Change password section, complete the following fields:
    Field Name Description Comments
    Current Enter your current password If you don't remember your current password, follow this steps instead. 
    Enter a new password Enter a new password

    Your new password must:

    • Be at least 6 characters long

    It would be better if your new password will contain:

    • Have one lower case character
    • Have one special character (@#* etc.)
    • Have one number
    • Have one uppercase character
    Verify password Re-enter the new password The password should be the same as entered in the previous field.
    • Click Change password; Once completed, you'll be logged out of the website (including the app) and any other active sessions you're using.
    • You'll also receive an email from noreply@noones.com confirming your password change, and you'll need to log in again with your new password.

    I forgot my password:

    If you forgot your password and can't sign in to your Noones account, follow these steps to reset and request a new password:

    • Click Log in button on the home page
    • Click “Forgot password?
    • Enter your phone number or email address and then click Request new password

    See our security guide for additional information on improving your account's safety.