How do I see and revoke active sessions?
Profile → Security → Active sessions shows every device logged in. Sign out anything you don't recognize, then change your password.
Where to find it
Profile → Security → Active sessions
For each session, you'll see:
- Device (browser + OS, e.g. "Chrome 124 on macOS Sonoma")
- IP address + ISP + approximate location (city + country, derived from IP)
- First login timestamp (when this session was created)
- Last activity (when this session last hit our server)
- Sign out button per session
The session you're currently using is marked with a green dot.
What to do if you see something unfamiliar
- Sign that session out immediately (the button is per-session)
- Change your password
- Rotate your 2FA secret (Profile → Security → Reset 2FA — invalidates all backup codes too)
- Review recent withdrawals — if any went to addresses you didn't add, contact support immediately
- Add the unknown IP to your blocklist (Profile → Security → IP blocklist)
Sign out everywhere
The Sign out all other sessions button at the top kills every session except the current one. Use it when:
- You've sold/given away an old laptop or phone
- You used a friend's device and forgot to log out
- Your password manager flagged a possible breach elsewhere
This forces password re-entry on every other device — including your own — but is harmless if you're careful.
"I see a session from {country I've never visited}"
Two scenarios:
1. You used a VPN (or your ISP routes through a different region)
Some ISPs and mobile carriers route traffic through unexpected geo-points. Check whether the device is otherwise correct (your usual browser, your usual phone fingerprint). If so, it's almost certainly your own session over an unusual route.
2. Real account compromise
If the device fingerprint also looks unfamiliar (different browser, different OS), follow the takeover-response steps above immediately. Then email [email protected] — we can run a full audit of recent activity and reverse fraudulent moves where possible.
Session lifetime
- Web sessions: 30 days idle, then auto-expire
- Mobile (PWA): 90 days idle
- "Remember me" unchecked: closes when you close the browser tab
You can shorten the default lifetime under Profile → Security → Session length.
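The triage rule from the two scenarios above, combined with the idle limits in the Session lifetime list, as an added example rather than code from this service. The session fields, the `kind` labels and the sample rows are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Idle limits from the "Session lifetime" list; the "kind" keys are assumed labels.
IDLE_LIMIT = {"web": timedelta(days=30), "pwa": timedelta(days=90)}

def triage(session, known_devices, usual_countries):
    """Classify one row of the Active sessions list using the page's two scenarios."""
    if session["device"] not in known_devices:
        # Unfamiliar device: treat as compromise whatever the location says.
        return "revoke"
    if session["country"] not in usual_countries:
        # Scenario 1: usual device, odd geolocation (VPN or carrier routing).
        return "likely-own"
    return "ok"

def review(sessions, known_devices, usual_countries):
    """Return rows of (ip, verdict, auto-expiry if left alone), revoke first."""
    rows = []
    for s in sessions:
        verdict = triage(s, known_devices, usual_countries)
        # Idle expiry counts from last activity, so a session in use keeps renewing.
        expires = s["last_activity"] + IDLE_LIMIT[s["kind"]]
        rows.append((s["ip"], verdict, expires))
    order = {"revoke": 0, "likely-own": 1, "ok": 2}
    return sorted(rows, key=lambda r: order[r[1]])

# Constructed sample data (documentation IP ranges), not real sessions.
UTC = timezone.utc
SESSIONS = [
    {"device": "Chrome 124 on macOS Sonoma", "ip": "192.0.2.10", "country": "DE",
     "kind": "web", "last_activity": datetime(2024, 5, 20, 9, 0, tzinfo=UTC)},
    {"device": "Chrome 124 on macOS Sonoma", "ip": "198.51.100.7", "country": "NL",
     "kind": "web", "last_activity": datetime(2024, 5, 19, 22, 30, tzinfo=UTC)},
    {"device": "Firefox 125 on Windows 11", "ip": "203.0.113.45", "country": "BR",
     "kind": "web", "last_activity": datetime(2024, 5, 20, 3, 15, tzinfo=UTC)},
    {"device": "Safari on iOS 17", "ip": "192.0.2.77", "country": "DE",
     "kind": "pwa", "last_activity": datetime(2024, 4, 1, 8, 0, tzinfo=UTC)},
]
KNOWN = {"Chrome 124 on macOS Sonoma", "Safari on iOS 17"}
USUAL = {"DE"}

if __name__ == "__main__":
    for ip, verdict, expires in review(SESSIONS, KNOWN, USUAL):
        print(f"{ip:<14} {verdict:<11} auto-expires {expires:%Y-%m-%d}")
```

The expiry column shows why waiting is not a remedy: an unrevoked session that is still being used keeps pushing its own idle deadline forward.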
Related articles
How do I enable two-factor authentication (2FA)?
Profile → Security → Enable 2FA. Use an authenticator app (Aegis, Google Authenticator, 1Password) — never SMS.
What is a trusted device and should I mark mine as trusted?
Skips 2FA prompt on a specific device for 30 days. Use ONLY on personal devices you fully control.
My account is locked — how do I unlock it?
Most lockouts are 30-minute auto-cool-offs after failed login attempts. Permanent locks need manual review with ID.

