We are vigilant in maintaining the security of our website and services.
Maintaining the confidentiality of account information, including login credentials, Recovery key, and private keys is the responsibility of the user.
Please refer to our Terms and conditions for more detailed information.
We kindly advise you to follow these guidelines to help secure your account and funds and to help avoid scenarios listed below.
Login email security
Update your GateHub access email security.
Create and use an email dedicated exclusively for GateHub. Use a unique and complex password ideally composed of upper and lowercase letters, digits and symbols for your email and enable 2-Factor Authentication to accesses it.
Login password
Update your GateHub login password.
Make sure to use a strong and unique passphrase, that is at least 12 characters long and is composed of at least some of the following:
- lower-case letters,
- upper-case letters,
- numbers.
When setting a password for your GateHub account make sure to avoid:
- Using the same password you use anywhere else.
- Using words you can find in the dictionary.
- Using passwords shown as an "example of strong passwords".
- Personal information, such as names and birth dates.
- Using simple keyboard patterns, like "qwerty" or "12345" (particularly avoid sequences of numbers in order).
- Common acronyms.
- Using only one type of character, such as all numbers, all upper-case letters, all lower-case letters, etc.
- Repeating characters, such as mmmm3333.
A password manager like 1Password, LastPass or KeePass can help you generate and store all your passwords. Keep your password secret and securely stored.
2-Factor Authentication
Enable 2-Factor Authentication for your GateHub account and safely store the 2FA backup code (“Authentication key”).
Bookmark gatehub.net
Bookmark gatehub.net to avoid falling victim to phishing and potentially fraudulent sites (please see article ATTENTION: Potentially fraudulent sites). It is also recommended to enable auto-update for your browser.
Set an anti-phishing email message
Set your own unique message that will display on every system email received from GateHub to avoid falling victim to phishing emails (for more details please refer to the article Anti-phishing email security precaution).
Offline storage of your GateHub credentials
Make sure your GateHub recovery key and other credentials (i.e. XRP Ledger wallet secret keys) are stored in a safe place (offline storage or paper copies). A password manager can usually be used to store information other than passwords safely. We advise against saving your sensitive information in your email or any other online storage.
In the event of a detected security breach, we advise you to create a new GateHub account and transfer any remaining funds to a new XRP Ledger wallet or GateHub hosted wallet.
Possible scenarios
A user email account is compromised.
In case the account or wallet credentials like recovery key or XRP Ledger wallet secret key are stored on the user email and the user email is compromised, the attackers are able to extract the account or wallet credentials.
A GateHub account is compromised.
User credentials are entered at a phishing website which allows attackers access to an account.
User email is compromised and attackers are able to extract login information.
User security settings are too weak (password strength, disabled 2FA).
An XRP Ledger wallet secret key is compromised.
An XRP Ledger wallet secret key is stored and/or shared online.
Whoever owns an XRP Ledger wallet secret key has full control over the contents and actions of an XRP Ledger wallet. By using an XRP Ledger wallet secret key, an XRP Ledger wallet may be manipulated outside GateHub or within another GateHub account.