Skip to main content
Chainbook provides multiple security options to protect your account and data.

Authentication Options

Password

Traditional email and password authentication.

Passkeys

Modern passwordless authentication using biometrics or security keys.

Password Security

Setting a Strong Password

Your password should be:
  • At least 8 characters long
  • Include uppercase and lowercase letters
  • Include numbers
  • Include special characters
Use a password manager to generate and store strong, unique passwords.

Changing Your Password

1

Go to Settings

Navigate to Settings from the sidebar.
2

Find Password section

Locate the Security or Password section.
3

Enter current password

Verify your identity by entering your current password.
4

Enter new password

Type your new password twice to confirm.
5

Save changes

Click Update Password.
Your password is updated. Use it on your next sign-in.

Forgot Password

If you forgot your password:
  1. Go to the sign-in page
  2. Click Forgot Password
  3. Enter your email address
  4. Check your email for reset instructions
  5. Click the link and set a new password
Password reset links expire after 1 hour for security.

Passkeys

Passkeys offer passwordless authentication using:
  • Face ID or Touch ID on Apple devices
  • Windows Hello on Windows devices
  • Fingerprint sensors on Android devices
  • Hardware security keys (YubiKey, etc.)

Benefits of Passkeys

Phishing Resistant

Passkeys can’t be phished or stolen like passwords.

Convenient

Sign in with a quick biometric scan.

Cross-Device

Passkeys sync securely across your devices.

No Password to Remember

Eliminate the need for password memorization.

Adding a Passkey

1

Go to Settings

Navigate to SettingsSecurity or Passkeys.
2

Click Add Passkey

Click the Add Passkey button.
3

Authenticate

Your device prompts you to authenticate:
  • Use Face ID, Touch ID, or fingerprint
  • Use Windows Hello
  • Insert your security key
Your passkey is registered and ready to use.

Using Passkeys to Sign In

  1. Go to the sign-in page
  2. Click Sign in with Passkey
  3. Authenticate with your biometric or security key
  4. You’re signed in immediately

Managing Passkeys

View and manage your passkeys:
  1. Go to SettingsSecurity
  2. See list of registered passkeys
  3. Each passkey shows:
    • Device type
    • When it was added
    • Last used date

Removing a Passkey

To remove a passkey:
  1. Go to SettingsSecurity
  2. Find the passkey you want to remove
  3. Click Remove
  4. Confirm the removal
If you remove your last passkey and don’t have a password set, you’ll need to set a password first to maintain account access.

Account Recovery

If You Have a Password

Use the Forgot Password flow to reset via email.

If You Only Have Passkeys

Passkeys are tied to your devices. If you lose access to all devices:
  1. Try signing in on a device where your passkey synced
  2. Use your iCloud, Google, or Microsoft account recovery
  3. Contact support as a last resort
Set up both a password and passkeys for maximum flexibility and security.

Session Management

Active Sessions

View where your account is signed in:
  1. Go to SettingsSecurity
  2. Find Active Sessions
  3. See list of devices and browsers
Each session shows:
  • Device type and browser
  • Location (approximate)
  • Last activity time

Signing Out Other Sessions

To sign out a suspicious or old session:
  1. Find the session in the list
  2. Click Sign Out next to it
  3. That session is immediately terminated
If you see sessions you don’t recognize, sign them out and change your password immediately.

Security Best Practices

Password managers like 1Password, Bitwarden, or Apple Keychain:
  • Generate strong, unique passwords
  • Securely store your credentials
  • Auto-fill login forms
  • Sync across devices
Passkeys are more secure than passwords because:
  • They can’t be guessed or cracked
  • They’re resistant to phishing
  • They don’t work on fake websites
Periodically check your active sessions:
  • Sign out sessions you don’t recognize
  • Sign out old devices you no longer use
  • Report suspicious activity to support
Your email is used for password resets:
  • Use a strong, unique email password
  • Enable two-factor authentication on your email
  • Don’t share email access with others
On shared or public computers:
  • Always sign out when done
  • Don’t save passwords in the browser
  • Use private/incognito browsing
  • Consider using passkeys instead of typing passwords

Data Security

Encryption

  • In transit: All data encrypted with TLS 1.3
  • At rest: Database encrypted with AES-256
  • Passwords: Hashed with bcrypt (never stored in plain text)

Access Control

  • Only you and invited collaborators can see your data
  • Chainbook staff cannot access your data without permission
  • No data is shared with third parties

Infrastructure

  • Hosted on enterprise-grade cloud infrastructure
  • Regular security audits and penetration testing
  • 24/7 monitoring for suspicious activity

Reporting Security Issues

If you discover a security vulnerability:
  1. Email [email protected]
  2. Describe the issue in detail
  3. Include steps to reproduce if possible
  4. We’ll respond within 24 hours
We appreciate responsible disclosure and may offer rewards for significant findings.

Frequently Asked Questions

Passkeys provide strong authentication similar to 2FA. Traditional TOTP-based 2FA is on our roadmap.
Yes, you can have both enabled. Use whichever is convenient when signing in.
If your passkeys sync via iCloud, Google, or Microsoft, access them from another device. Otherwise, use your password to sign in.
Chainbook never asks for or stores private keys. We only track public wallet addresses using publicly available blockchain data.