How do I keep my Luno account safe?

a shield protecting crypto coins

Luno will keep your cryptocurrency safe, but only you can protect your wallet from being accessed by intruders. If your sign-in details are stolen and used to steal crypto from your Luno wallet, there's nothing you or Luno can do to get it back.

That’s why we created this list of good practices to help you keep your wallet safe.

Passkeys are a streamlined method for logging into your Luno account, replacing traditional passwords with options like Face ID, fingerprint, or a lock screen PIN for faster access.

They offer enhanced security through encrypted credentials stored locally and in your cloud account, providing greater protection against phishing and hacking attempts. Setting up a passkey adds an extra layer of security, ensuring that only you can easily and securely access your account.

Here's how to sign in using a passkey

  1. Sign in to Luno

  2. Navigate to Profile and select Security

  3. Select Passkeys, then ADD A PASSKEY

  4. Continue as prompted by your device

Success! You’ve set up your passkey.

Tip

Learn more about passkeys in the following articles:

 

It’s extremely important that you use a strong password. Not only must your Luno password be strong - it must also be unique.

If you’re using the same password on your Luno account as your email or your social media accounts, then you’re basically betting the keys to your Luno crypto wallet on you never having clicked on a phishing link.

To protect yourself even further, it’s good practice to use a password manager, which allows you to create and remember secure passwords.

Tip

A password manager is an app on your phone, tablet, or computer that stores your passwords securely, so you don’t need to remember them all. Password managers also synchronise your passwords across all your different devices, making it easier for you to log in, wherever you are.

It’s good practice to update your password regularly. You can update it from the Security Centre.

Here's how

  1. Sign in to the Luno app or website, and select Profile from the menu

  2. Select Security, and then Password - which is where you can update your password

  3. Enter your current password, and then enter your new password. Select NEXT when done

  4. Enter your four-digit Luno PIN to confirm the password update

Success! You’ve reset your password. You’ll receive an SMS to confirm the change.

This is such a powerful security measure, it shouldn’t be regarded as optional. With enough time and computer power, any password can be guessed.

Tip

We’ve written an article to help you set up two-factor authentication on your Luno account.

This feature gives you the option to set up biometric authentication (Touch ID or Face ID if you use iOS) for various security features within your Luno account, such as unlocking your app and confirming transactions.

Tip

You can set up biometrics and Touch ID / Face ID from the Security Centre by selecting Profile from the menu, and then Security.

This feature in the Security Centre gives you the control to see which devices are currently being used to access your Luno account. Here, you have the ability to trust your device or remove any devices that you no longer use or don’t recognise.

Tip

Be sure to look out for notification tags that may flag an unauthorised active device. More about notification tags in the Stay alert section below.

An application programming interface key, or API key, is a unique key that allows a program to gain access to your Luno account. If you’d like to view or manage your API key, you can do so from the Security Centre.

Luno will interact with you through your email. This is our way of communicating with you. If criminals have access to your email, you are at risk.

Here are a few things you can do

  • Use a unique and strong password

    It's recommended to update your password frequently. A strong password is at least 14 characters in length and contains a mix of letters, numbers and special characters

  • Set up two-factor authentication for your email

    Most email providers support Google Authenticator or even SMS security. Check your settings

  • Check your forwarding settings to make sure

    Attackers will sometimes gain access to your email. They’ll remain stealthy. Without your knowledge, they set up a forwarding address to have all your incoming mail forwarded to them. They wait until the opportunity arises to steal from you. In this way, your crypto can be stolen even if your account was compromised months ago. Check your mail forwarding settings and make sure there aren’t any unknown devices logged into your mail

  • If you signed up with Luno using a Gmail address, here are some additional resources for you:

Website

When navigating to the Luno website, make sure the website address (or URL) is the legitimate https://www.luno.com/ address.

Tip

If you see anything else in the address bar on top of your browser, leave the site immediately and report it to us immediately. We’ll try to have the fake site shut down.

Email

Whenever you receive an email from Luno, make sure that it was truly sent by Luno. Check the origin of any email before interacting with any of the links – you can do this by double-checking the sender’s address.

  • noreply@mailer.luno.com

  • no-reply@luno.com

  • support@luno.com

If you do receive a phishing email, don’t interact with any of the links in the message. Your email provider should have a “report as phishing” option. Use it.

Phone calls

Be vigilant when receiving phone calls and always ascertain who’s calling you. A tactic that phishers employ is to masquerade as a legitimate entity in order to gain access to your account.

When calling, we may ask you some security-related questions in order to verify your identity.

We will never ask you for the following:

  • Your password

  • Your banking details

  • Your two-factor authentication codes

  • Your OTP pin

  • Authorisation links

Tip

Stay up to date with the latest scams in your country

A recent malware called Alien specifically targeting Android users illustrates just how adventurous hackers can be.

Malware (short for malicious software) is any type of software (viruses, trojan horses, rootkits, etc.) intentionally designed to cause damage to a computer, server, client or computer network. There are many ways in which attackers might try to trick you into installing malware, and the best way to stop their adventuring is to avoid getting infected in the first place.

Read any notifications sent by Luno and report any activity that looks suspicious as quickly as possible to us.

Tags are a recent feature we’ve rolled out in the Security Centre. If a new device signs in to your account, or a new API key is created on your account, you’ll notice a notification icon displaying a “New” tag next to the Security Centre menu item. This allows you to see at a glance if there’s been any new activity on your account. It’s especially useful to see if an attacker has gained access to your account.

If you notice a “New” tag displaying in your Luno account, and you haven’t signed in from a new device, or added a new API key, you have the ability to deactivate that device or revoke the newly-created API key.

The notification tags will disappear once you proceed into the Active Device or API items in the menu.

 

In summary, no time spent on improving security is ever wasted. Stay safe, and feel free to reach out to us if you have any security-related questions. We’re here to help.

Share this article

Did this article help?

Thank you!

We value your feedback