Configure Your Account Correctly From Day One
Your BitcoinEra account is the gateway to everything on the platform — your connected bots, your performance data, your exchange API keys, and your trading activity. Securing it properly and configuring it to work the way you need isn’t optional — it’s foundational.
This guide walks through every section of your account settings — what each option does, why it matters, and exactly how to configure it correctly. We’ll spend the most time on security, because an improperly secured account connected to an exchange API key represents a genuine financial risk that is completely avoidable with five minutes of proper setup.
Accessing Your Account Settings
After logging in to BitcoinEra, access your account settings by:
- Clicking your profile avatar or name in the top right corner of any page
- Selecting “Account Settings” from the dropdown menu
You’ll see a settings page organized into several sections. We’ll cover each one in detail.
Section 1 — Profile Settings
Display Name
Your display name appears in the community, on any public interactions, and in certain dashboard views. It does not need to be your real name — many users prefer a pseudonym for privacy.
How to update it: Go to Profile Settings → Display Name → Enter your preferred name → Save.
Email Address
The email address associated with your account is used for:
- Login authentication
- Important security notifications
- Bot performance alerts
- Platform announcements
Changing your email address: Go to Profile Settings → Email Address → Enter new email → Verify ownership of new address via confirmation email → Save.
⚠️ Important: After changing your email address, you’ll receive security notification emails at both your old and new address. If you receive a notification about an email change that you didn’t initiate — contact support immediately.
Profile Language and Timezone
Setting your correct timezone ensures that:
- Trade timestamps in your history display in your local time
- Performance reports reflect your local daily boundaries
- Scheduled notifications arrive at the right times
How to set it: Go to Profile Settings → Timezone → Select your region and timezone from the dropdown → Save.
Section 2 — Security Settings
This is the most important section in your entire account configuration. Read it completely before moving on.
Password Management
Changing Your Password
We recommend changing your password:
- When you first create your account (if you used a weak placeholder)
- Every 6–12 months as a general security practice
- Immediately if you suspect it may have been compromised
How to change it: Go to Security Settings → Change Password → Enter current password → Enter new password → Confirm new password → Save.
What makes a strong password:
- Minimum 14 characters
- Mix of uppercase and lowercase letters
- At least two numbers
- At least two special characters (! @ # $ % ^ & *)
- Not used on any other website or service
- Not containing your name, email, or obvious personal information
Our strong recommendation: Use a password manager — Bitwarden (free), 1Password, or Dashlane — to generate and store a genuinely random, strong password. A password manager-generated password like K#9mPx$vL2@nQw7! is vastly more secure than any human-created password.
Two-Factor Authentication (2FA)
This is the single most important security setting on your account. Enable it before doing anything else.
Two-factor authentication adds a second verification step to your login process. Even if someone obtains your password — they cannot access your account without also having access to your physical device with the authenticator app.
Given that your BitcoinEra account is connected to exchange API keys — compromised account access could allow someone to interfere with your trading activity. 2FA is the primary defense against this.
Supported 2FA Methods
Authenticator App (Recommended) The most secure option. A time-based one-time password (TOTP) generated by an app on your phone — changes every 30 seconds.
Recommended apps:
- Google Authenticator (iOS and Android — free)
- Authy (iOS and Android — free, with backup feature)
- Microsoft Authenticator (iOS and Android — free)
SMS/Text Message (Less Recommended) A code sent to your registered phone number. Less secure than an authenticator app because:
- SIM-swapping attacks can redirect your SMS to an attacker’s device
- SMS delivery can be delayed or fail during critical moments
- Phone numbers can be compromised through carrier vulnerabilities
Use SMS only if you cannot use an authenticator app — and switch to an authenticator app as soon as possible.
How to Enable Authenticator App 2FA
Step 1: Go to Security Settings → Two-Factor Authentication → Enable → Select “Authenticator App”
Step 2: BitcoinEra will display a QR code and a manual entry code.
Step 3: Open your authenticator app on your phone. Tap the “+” or “Add Account” button. Scan the QR code — or manually enter the code if you can’t scan.
Step 4: Your authenticator app will now show a 6-digit code that changes every 30 seconds. Enter the current code into the verification field on BitcoinEra.
Step 5: BitcoinEra confirms the code is correct and 2FA is now active.
Step 6 — Critical: BitcoinEra will display a set of backup codes — typically 8–10 single-use codes. These allow you to access your account if you ever lose your phone or authenticator app.
Save these backup codes immediately:
- Write them down and store in a secure physical location
- Store them in your password manager under a clearly labeled entry
- Do NOT store them only on your phone — if you lose the phone you lose both the authenticator and the backup codes
⚠️ Losing both your authenticator app access AND your backup codes means you are permanently locked out of your account with no recovery option. Save your backup codes immediately.
What Happens After 2FA Is Enabled
Every time you log in to BitcoinEra:
- Enter your email and password as normal
- When prompted, open your authenticator app
- Enter the current 6-digit code
- Access granted
The extra step takes about 10 seconds. The security benefit is enormous.
Disabling 2FA
We strongly recommend never disabling 2FA. If you genuinely need to disable it — for example because you’re switching to a new phone — the process is:
Go to Security Settings → Two-Factor Authentication → Disable → Enter your current 2FA code to confirm → Complete
Immediately re-enable 2FA on your new device before doing anything else.
Active Sessions
This section shows every device and location currently logged in to your BitcoinEra account.
What you’ll see:
- Device type (desktop browser, mobile app, etc.)
- Approximate location (based on IP address)
- Last activity timestamp
- Session identifier
What to do: Review this list periodically — especially after any suspected security incident. If you see any session you don’t recognize:
- Click “Revoke” next to the suspicious session immediately
- Change your password
- Review your 2FA settings
- Contact support if you suspect unauthorized access
Log Out All Devices: A single button that immediately terminates all active sessions everywhere — including any you might have forgotten about on old devices. Use this if you ever suspect account compromise.
Login History
A log of recent login attempts to your account — both successful and failed.
What to look for:
- Failed login attempts from unfamiliar IP addresses — may indicate someone is attempting to access your account
- Successful logins from locations you don’t recognize — may indicate your account has been compromised
- Login attempts at times when you were definitely not using the platform
If you see anything suspicious — change your password immediately, review active sessions, and contact support.
API Key Security Overview
This section provides a summary view of all API keys currently connected to your account — across all bots and exchanges.
What it shows:
- Exchange name
- API key label
- Date connected
- Last activity timestamp
- Associated bot name
Best practices for API key management:
Review regularly: Check this list monthly. Remove any connections to bots you’re no longer running. Outdated API key connections are unnecessary security exposure.
One key per bot: Never reuse the same API key across multiple bots or platforms. If you need to disconnect one bot, you can delete just that key without affecting anything else.
Match labels to bots: Each API key should have a clear label that identifies exactly which bot it’s for — making this overview readable and actionable.
Section 3 — Notification Settings
Configuring notifications correctly is the difference between being appropriately informed and either missing critical alerts or being overwhelmed by irrelevant ones.
Email Notifications
Security Alerts (Always On — Cannot Be Disabled)
- New login from unrecognized device
- Password change
- Email address change
- 2FA changes
- API key added or removed
These cannot be disabled — they’re your primary defense against unauthorized account changes.
Bot Performance Alerts (Configurable)
Drawdown Limit Triggered Highly recommended — enable for all bots. This tells you when a bot has hit its safety threshold and stopped automatically. Setting: Enable ✅
Daily Loss Limit Triggered Recommended — tells you when a bot has hit its daily loss cap. Setting: Enable ✅
Bot Status Changes Notify when any bot changes status — Active to Stopped, or any Error state. Setting: Enable ✅
API Connection Errors Critical — tells you immediately if a bot loses its exchange connection. Setting: Enable ✅
Large Position Opened Optional — notifies you when a position above a defined size is opened. Useful if you want awareness of significant trades without being notified of every small one. Setting: Enable with threshold ✅ (set threshold at 20–30% of allocated capital)
Individual Trade Notifications Optional — notifies you of every single trade. Not recommended for grid or scalping bots — you’ll receive dozens or hundreds of notifications per day. Potentially useful for low-frequency bots like trend following or breakout. Setting: Disable for high-frequency bots ❌ / Enable for low-frequency bots ✅ (your choice)
Monthly Performance Summary A monthly email summarizing each bot’s performance over the past month. Recommended — useful for regular review without requiring active log-in. Setting: Enable ✅
Platform Announcements (Optional)
New bot listings, feature updates, knowledge base articles, market commentary. Enable if you want to stay engaged with the platform. Disable if you prefer minimal email.
Push Notifications (Mobile App)
If you use the BitcoinEra mobile app — push notifications provide the same alerts as email but delivered directly to your phone’s notification center.
Recommended push notification configuration mirrors the email configuration above — enable security alerts and critical bot alerts, disable individual trade notifications for high-frequency bots.
Notification Frequency Settings
For users running multiple bots — you can set a notification digest option that batches non-critical alerts (like individual trade notifications if you’ve enabled them) into a single summary email or push notification rather than sending each one separately.
Recommended setting: Digest for individual trades (hourly or daily digest) — immediate for security alerts and drawdown/connection events.
Section 4 — Privacy Settings
Profile Visibility
Your BitcoinEra profile can be set to:
Private (Default) Your profile is visible only to you. No other users can see your connected bots, performance data, or activity.
Community Your display name and general activity (not specific performance data) is visible to other BitcoinEra users in community features.
Public Your display name and aggregated performance information is publicly visible. Only relevant if you’re considering becoming a bot author or community contributor.
Recommended for most users: Private. There’s no benefit to sharing your trading activity publicly unless you’re building a reputation as a bot author.
Data and Analytics
Usage analytics: BitcoinEra collects anonymized usage data to improve the platform — which pages are visited, which filters are used in the catalog, etc. This data is not personally identifiable and is used solely for product improvement.
Marketing communications: You can opt out of all marketing communications while keeping security and bot performance notifications active. Recommended for users who want minimal email contact.
Section 5 — Connected Exchanges
This section shows all exchanges currently connected to your account via API keys — with more detail than the API Key Security Overview in the Security section.
What you’ll see for each connection:
- Exchange name and logo
- API key label
- Connection status (Active / Error / Expired)
- Last successful communication timestamp
- Associated bot (if connected to a specific bot)
- Permission level confirmed (Read + Trade confirmed, Withdrawals confirmed disabled)
- Quick action: Disconnect / Edit / Test Connection
Test Connection: A useful function that sends a test request to verify the API key is working correctly and permissions are intact. Use this if you suspect a connection issue before diving into full troubleshooting.
Disconnect: Removes the API key from BitcoinEra. Note — this does not delete the key from your exchange. You must also delete it from your exchange’s API Management page separately.
Section 6 — Billing and Subscription
Performance Fee Tracking
BitcoinEra’s performance fees are calculated and charged automatically based on your bots’ profitable trades. This section shows:
- Fee rate for each connected bot
- Fees charged in the current period
- Cumulative fees paid to date
- Fee calculation method (profit per trade, after exchange fees)
Understanding the fee calculation: Performance fees are calculated on net profitable trades — after exchange trading fees are subtracted. If a trade generates $10 gross profit but $2 in exchange fees, the BitcoinEra performance fee is calculated on $8 net profit.
No performance fees are charged on losing trades — ever.
Payment Method
Add or update the payment method used for performance fee billing. Supported payment methods include major credit cards and cryptocurrency payments.
Billing History
A complete record of all performance fee charges — date, amount, and which bot generated the fee.
Section 7 — Account Management
Download Your Data
Request a complete export of your BitcoinEra data — including all trade history, performance records, and account activity. Useful for tax reporting, personal record-keeping, or transferring history before closing an account.
Data exports are provided in CSV format compatible with common spreadsheet applications.
Account Deactivation
Temporarily deactivate your account — pausing all connected bots and suspending API connections. Your account data is preserved and can be reactivated at any time.
Before deactivating:
- Stop all running bots
- Close any open positions you don’t want remaining active
- Note that deactivation does NOT delete API keys from your exchange — do this manually
Account Deletion
Permanently delete your BitcoinEra account and all associated data. This action is irreversible.
Before deleting:
- Export your trade history if you need it for records
- Stop all bots and close open positions
- Delete all API keys from your exchange accounts
- Cancel any active subscriptions
Security Best Practices — Quick Reference
Before finishing this guide — here’s a consolidated checklist of every security best practice covered:
Account Security:
- Strong, unique password (14+ characters, password manager generated)
- Two-factor authentication enabled with authenticator app
- Backup codes saved securely in two separate locations
- Login history reviewed — no suspicious activity
- Active sessions reviewed — only recognized devices
API Key Security:
- Separate API key for each connected bot
- All keys labeled clearly with bot name
- Withdrawal permissions confirmed disabled on all keys
- Unused keys removed from both BitcoinEra and exchange
- API key list reviewed monthly
Notification Security:
- Security alert notifications enabled and verified working
- Drawdown limit notifications enabled for all bots
- API connection error notifications enabled
- Bot status change notifications enabled
General Security:
- Never share password or 2FA codes with anyone
- Never respond to messages claiming to be from BitcoinEra asking for credentials
- Log out of shared or public devices after use
- Review account settings after any suspected security incident
Summary
Here’s everything we covered in this guide:
- Profile settings — display name, email, timezone configuration
- Password management — strength requirements and update best practices
- Two-factor authentication — why it’s essential, how to enable it, backup codes
- Active sessions and login history — monitoring for unauthorized access
- API key security overview — managing connected exchange keys
- Notification settings — which alerts to enable and which to filter
- Privacy settings — profile visibility and data preferences
- Connected exchanges — reviewing and managing API connections
- Billing and performance fee tracking
- Account management — data export, deactivation, deletion
- Complete security best practices checklist
⚠️ Security Notice: BitcoinEra staff will never ask for your password, 2FA codes, or API Secret Keys. Any communication requesting these credentials is fraudulent. Report suspicious communications to support immediately.
