CEX — Sign In & Security Playbook (Updated)

When you arrive at the CEX login page, you’re entering the control panel for assets that can move instantly and often irreversibly. This page is intentionally designed to be secure and informative: it guides you through signing in, choosing protective settings, and preparing for recovery if you ever lose access. Treat the login step as part of continuous account maintenance — a small investment of time here will drastically reduce the chance of loss later.

Start with credentials. Use a unique, strong password (12 characters or longer, a mix of letter types, numbers, and symbols — or better yet, a randomly generated string from a password manager). Password managers not only generate robust passwords but also keep them encrypted and accessible across devices; using one is arguably the single best habit for account security. Never reuse a password from another service — credential reuse is the most common vector attackers use to take over accounts.

Next, enable two-factor authentication (2FA). CEX supports TOTP authenticator apps like Authy, Google Authenticator, or similar. If you plan to handle larger balances, consider hardware security keys (WebAuthn) — these are resistant to phishing and require the physical device to log in. If you set up TOTP, securely record and store the backup recovery codes in an offline, encrypted place. These codes are the emergency key to get back in if your authenticator device is lost.

KYC and verification are often necessary to use fiat rails on exchanges. When CEX asks for ID or proof of address, upload only through CEX’s secure verification portal. Avoid sending sensitive documents through email or third-party messaging apps. Completing verification early in your account lifecycle prevents stressful delays when you need to deposit or withdraw fiat funds.

Understand how recovery works. Because recovery flows are a common target for attackers, CEX’s recovery procedure intentionally includes multiple verification steps: email confirmation, identity proofs, and possibly phone verification. Don’t rely solely on SMS for 2FA or recovery; SIM-swap attacks are real and have caused major losses. Prefer authenticator apps or hardware keys for both daily 2FA and account recovery resilience.

Phishing is the biggest day-to-day threat. CEX will never ask you for your password or one-time codes in unsolicited messages. If an email claims urgent action, inspect the sender and hover over links to check their real destination. When uncertain, type CEX’s official domain into your browser instead of clicking links. Consider using browser protections or mail filters that flag known phishing patterns.

Device hygiene matters just as much as platform settings. Keep your operating system and browser up to date, remove untrusted extensions, and run reputable anti-malware software. For frequent traders, it can be worth having a dedicated browser profile (or even a dedicated device) for financial accounts to reduce cross-site contamination risks from other browsing activities.

For teams and organizations, enforce role-based access controls: require mandatory 2FA, minimize the number of administrators, and use hardware keys for privileged users. Maintain audit logs and review them periodically to detect anomalous behavior. If someone leaves the team, rotate credentials and revoke their device access immediately to reduce insider risks.

Need help? CEX Support provides step-by-step recovery guides and live assistance. When contacting support, include the timestamp of your login attempt, the full error message, and the browser/device you used — this speeds troubleshooting and keeps your experience smooth.