# Security
At Rails, the security of your account is our top priority. This section details how to secure or regain access to your account. Click the links below to jump to some common security topics:
{% hint style="danger" %}
If you have urgent login issues, please contact us via [email](https://railsxyz.zendesk.com/hc/en-us/requests/new).
{% endhint %}
## Password Reset
For your security, we recommend updating your password regularly. You can change it proactively at any time, either from your account settings while logged in, or from the login screen if you’ve forgotten it.
Click the expandable sections below to see detailed instructions for each method.
Reset from Login Screen
1. Go to the [login page](https://trade.rails.xyz/trade/BTC-USD).
2. Click on **Forgot Password:**
3. Insert the email associated with your account and click **Next**.
4. Check your email for instructions on resetting your password.
{% hint style="info" %}
If you do not receive a Password Reset email within 5 minutes, check your spam folder or follow these [troubleshooting tips](/support/troubleshooting-tips.md#email-not-received).
{% endhint %}
5. Click on **Reset your password** in the email.
6. Type in your new password and confirm it in the fields provided and click **Next**.
Once successfully changed, you can use your new password to Sign in.
Reset from Settings
1. [Login](https://trade.rails.xyz/trade/BTC-USD) to your Rails account.
2. Click on the **Options button** (Username) on the top right corner and then select **Settings**.
\
You will automatically be directed to the ***Change Password*** section of the Security page.
3. Input your new password in the **New Password** field.
4. Re-enter your new password in the **Confirm Password** to confirm it’s accurate.
3. Click **Update Password**.
## Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) adds an extra layer of protection to your login process by requiring more than just your password. With MFA enabled, you’ll be asked to verify your identity using an additional factor from the following options:
**One-Time Passcode (OTP)**
An OTP is a short, temporary security code we email you before you sign in. Each OTP is valid for a single use and expires within 10 minutes, helping to ensure that only you can access your account.
Setting up OTP
Complete the following steps to set up an OTP on your account:
1. Click on the **Options button** (your username) on the top right of the trading page, then click **Settings**.
2. You will automatically be directed to the Security page. Select **Multi-Factor Authentication**.
3. Click the **toggle switch** to enable OTP. It will move to the right and become blue when enabled.
If you wish to disable OTP at any point, click the toggle switch again until it is left aligned.
Signing in using OTP
1. Go to the [login page](https://trade.rails.xyz/trade/BTC-USD).
{% hint style="info" %}
You will not be asked to complete OTP if you [Sign in with Google](#single-sign-on-sso-with-google), even if it's enabled.
{% endhint %}
2. Input your email and password and click **Sign In.**
3. If you have both OTP and passkeys enabled, you will be prompted to select between the two verification methods. Ensure the OTP option is selected then click **Sign In**.
4. You will be prompted to input the code. Check your email for a unique passcode as displayed below.
5. Navigate back to the sign in screen, input the code and click **Sign in**.
If successful, you will be directed to Rails' main trading page.
{% hint style="warning" %}
Check out our [troubleshooting tips](/support/troubleshooting-tips.md#sign-up-and-security) if you are having trouble logging in.
{% endhint %}
**Passkey**
Passkeys are secure digital credentials stored on your device, offering an extra security layer for your account. They use advanced encryption and biometric verification (e.g., Face ID, fingerprint) or a device PIN for quick and secure identity verification. Physical security keys like YubiKey can also be used as passkeys to enhance security.
Setting up a Passkey
1. Click on the **Options button** (your username) on the top right of the trading page, then click **Settings**.
2. You will automatically be directed to the Security page. Select **Multi-Factor Authentication**.
3. Click on **Create Passkey.**
4. Your device may suggest a specific passkey method (e.g. 1Password, iCloud, etc.) based on what you have available. Follow the prompts to set up the suggested passkey, or click **X** or **Cancel** until you get a screen similar to the below screenshot to select your preferred passkey method.
5. Follow the verification prompts on your device, or jump to [supported passkeys](#supported-passkeys) to see steps for specific, common passkeys.
6. Once completed, you should see your passkey listed in your settings page as shown below.
5. Ensure the toggle for **Passkeys** is on. It will be blue and switched to the right.
To add additional passkeys, simply click the **Add Passkey** button in the bottom left corner and repeat this process.
{% hint style="success" %}
Edit your passkey names for easier identification by clicking the pencil icon in the Action column.
{% endhint %}
Signing in using Passkeys
1. Go to the [login page](https://trade.rails.xyz/trade/BTC-USD).
{% hint style="info" %}
You will not be asked to verify via passkey if you [Sign in with Google](#single-sign-on-sso-with-google), even if it's enabled.
{% endhint %}
2. Input your email and password and click **Sign In.**
3. If you have both OTP and passkeys enabled, you will be prompted to select between the two verification methods. Ensure **Sign in with a passkey** is selected then click **Sign In**.
4. Follow the prompts on your passkey. If successful, you will be directed to Rails' main trading page.
{% hint style="warning" %}
Check out our [troubleshooting tips](/support/troubleshooting-tips.md#sign-up-and-security) if you are having trouble logging in.
{% endhint %}
{% hint style="warning" %}
MFA does not apply to [Single Sign-on with Google](#single-sign-on-sso-with-google). Users will only be prompted to complete MFA when signing in with their login and password.
{% endhint %}
### Supported Passkeys
Rails supports a broad list of secure FIDO2-based passkeys for MFA. FIDO2 passkeys are secure digital credentials stored directly on your device. They use cryptographic keys paired with biometric verification (like fingerprint or facial recognition) or a PIN. Because passkeys are device-bound, they’re significantly more resistant to common cyber threats like phishing, credential theft, and password reuse attacks.
Click the expandable sections below to see step-by-step instructions on how to setup some of the most common passkeys.
#### Setting up Common Passkeys
If you have multiple passkey options on your device, it will decide the hierarchy of which one you are presented with first. Click **X** or **Cancel** when prompted if you wish to use or setup a different passkey.
iCloud Keychain
Mac users that utilize biometric (fingerprint) scan set up access to their passkey by using the following steps:
1. Your device may prompt you to setup a different passkey (e.g. Chrome, 1Password, etc.) proactively. Click **X** or **Cancel** until you get to the following screen, then select **iCloud Keychain**.
2. Use your fingerprint to allow for a passkey to be saved on your iCloud Keychain.
3. If saved successfully, this passkey will be saved in your security settings under passkeys as *iCloud Keychain*.
{% hint style="info" %}
Click the pencil icon to edit the passkey name if you're adding multiple passkeys or devices.
{% endhint %}
1Password
Users who have the 1Password browser extension are able to use their 1Password account to securely store their passkey by following these steps:
1. Unlock your 1Password account (if prompted).
2. Click New Item on the 1Password prompt and then click Save.
2. Your passkey is automatically created in 1Password and if successful, it will be listed in Settings > Security > MFA > Passkeys as *1Password*.
{% hint style="info" %}
Click the pencil icon to edit the passkey name if you're adding multiple passkeys or devices.
{% endhint %}
Chrome Profile
Users who have biometrics setup in their Chrome browser can also use this as a passkey method.
1. Your device may prompt you to setup a different passkey (e.g. iCloud, 1Password, etc.) proactively. Click **X** or **Cancel** until you get to the following screen, then select **Your Chrome profile**.
2. Ensure the right profile is selected and click **Continue.**
3. Provide biometric scan or password to continue.
4. If saved successfully, this passkey will be saved in Settings > Security > MFA > Passkeys. as *Chrome on Mac.*
{% hint style="info" %}
Click the pencil icon to edit the passkey name if you're adding multiple passkeys or devices.
{% endhint %}
Device QR Code or Security Key
Users are able to access their passkey by using another device or private security key by using the following steps:
1. Your device may prompt you to setup a different passkey (e.g. iCloud, 1Password, etc.) proactively. Click **X** or **Cancel** until you get to the following screen, then select **Use phone, tablet or Security Key**
2. When presented with this screen, you can choose to either use a camera on another device to scan the QR Code or insert and touch your security key to setup the passkey.
3. Follow the prompts on your device.
4. If saved successfully, this passkey will be visible in your passkey list in Settings > Security > MFA > Passkeys.
## Single Sign-On (SSO) with Google
Single Sign-on (SSO) with Google lets you quickly and securely log into your account using your existing Google credentials. Instead of managing a separate username and password, you simply authenticate through your Google account. This adds convenience, enhanced security and a faster login process.
Setting up SSO with Google
1. Visit the [login page](https://trade.rails.xyz/trade/BTC-USD) and click **Sign in with Google**.
2. Choose the Google account you would like to sign in with.
3. Click **Continue** on the confirmation screen.
You should now be logged in and navigated to your rails account automatically. If you're having issues, ensure the email is the one associated with your Rails account or checkout our [troubleshooting tips](/support/troubleshooting-tips.md).
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://help.rails.xyz/general/security.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
