Security-first access to your assets ๐
At Uphold, we prioritize security for every user. Protecting private keys, account credentials, and transaction integrity is central to our design. Below we describe recommended practices, technologies used, and how you can harden your account.
Core protections
- Two-Factor Authentication (2FA): Add an extra verification step using TOTP apps (like Google Authenticator, Authy) or hardware tokens (YubiKey). 2FA significantly reduces account hijacking risk.
- Device trust model: Register and manage trusted devices. New device logins require additional verification (email confirmation, additional 2FA step).
- Encrypted transport: All connections use TLS / HTTPS to ensure data in transit is encrypted.
- Server-side protections: Rate limiting, IP anomaly detection, and account lockouts on suspicious activity.
- Hardware wallet compatibility: For users requiring self-custody, Ledger and similar hardware wallets can be integrated to store keys offline.
Recommended user practices
- Enable 2FA immediately after creating your account.
- Use unique, long passwords stored in a password manager (e.g., 12+ characters, mix of letters, numbers, symbols).
- Store recovery phrases offline on a physical medium (seed steel, paper in a secure location).
- Do not reuse passwords across multiple sites.
- Monitor account activity and set up alerts for new device sign-ins and large transactions.
How to log in: step-by-step
Logging into Uphold is straightforward when you follow secure practices. Below is the recommended flow.
Standard login flow
- Open the official Uphold login page (bookmark it to avoid phishing).
- Enter your registered email address and password.
- If 2FA is enabled, enter the code from your authenticator app or confirm via your security key.
- Verify the device (if asked) via email link or confirmation step.
- Upon successful verification, you'll land in your Uphold dashboard where you can view balances, trade, and manage portfolio settings.
Troubleshooting failed logins
- Forgot password? Use the Reset password link; check spam/junk folders for recovery emails.
- 2FA not working? Use your backup codes or a registered secondary 2FA method. If you lose access, contact Support with identity verification.
- Account locked after multiple failed attempts? Follow the unlock instructions sent to your email or contact Support.
Fast execution & transparent trading โก
Uphold offers a trading platform that blends simplicity with advanced features suitable for retail and professional traders.
Key trading features
- Instant order execution: Orders are routed and executed quickly with clear status updates.
- Order types: Market, Limit, Stop-Loss, and conditional orders are supported to help you manage risk.
- Staking & yield: Some assets support staking or yield generation directly through the platform.
- Swap & convert: One-click asset conversions with transparent pricing and fee information.
- Advanced charts: Real-time market data, candlestick charts, and indicators for technical analysis.
Fees & transparency
We publish clear fee schedules and transaction summaries. Always review the fee breakdown before confirming a trade.
| Action | Typical fee | Notes |
|---|---|---|
| Market trade | 0.25% | Variable by asset and liquidity |
| Limit order | 0.15% maker / 0.25% taker | Depends on matching liquidity |
| Withdrawal (crypto) | Network fee | Network-dependent; displayed during withdrawal |
Account types & advanced use cases
Uphold can accommodate a range of users from individuals to enterprises.
Individual accounts
Perfect for retail users managing savings, trading, and staking.
Business & enterprise
- Multi-user access and role-based permissions.
- API access for automated trading and reporting.
- Custom compliance and reporting tools for institutional clients.
Account recovery: safely regain access
Account recovery procedures balance safety and convenience. Never share your recovery phrase or verification codes with anyone.
Steps if you lose access
- Use available backup 2FA codes if you recorded them when enabling 2FA.
- Attempt password reset via your email address (follow the steps in the emailed link).
- If you cannot access your email, follow Identity Verification steps with Support (government ID, selfie verification, transaction history confirmation).
Best practices for recovery
- Store recovery codes offline in a secure location.
- Set up a recovery plan: associate two trusted contacts in case of emergencies (where supported by policy).
Privacy, compliance & regulatory considerations
Uphold operates under applicable financial regulations and requires KYC (Know Your Customer) verification for certain features. Data is handled per the Privacy Policy and applicable laws.
What data we collect
- Contact details (email, phone), identity documents for KYC, transaction records for compliance.
- IP addresses, device metadata, and session logs for security and fraud prevention.
User privacy controls
Users can review data sharing preferences, opt in/out of marketing communications, and request copies of their personal data under applicable privacy regulations.
APIs, integrations & developer tools
Enterprise and developer users can integrate with Uphold via secure APIs for trading, data retrieval, and programmatic account management.
API features
- REST API with API keys and scoped permissions.
- Webhooks for real-time event notifications (deposits, withdrawals, trades).
- Sandbox environment for testing without moving funds.
All API keys should be stored securely and rotated regularly. Use IP whitelisting for production integrations.
Help Center, troubleshooting & contact support
For immediate issues or account security incidents, contact Support via the Help Center. We provide articles, walkthroughs, and direct support channels for verification and recovery.
Common troubleshooting steps
- Clear browser cache and cookies, then try logging in again.
- Use an updated browser on desktop for best compatibility (Chrome, Firefox, Edge, Safari).
- Disable browser extensions that may interfere with authentication (privacy blockers that modify requests).
- If using a mobile authenticator app, ensure device time/date are correct (required for TOTP).
Contact methods
- Help Center knowledge base (search articles and guides).
- Support ticket submission through the official site.
- For urgent security incidents, follow the security incident contact instructions in the Help Center.
Frequently Asked Questions (FAQ)
Q: What should I do if I suspect unauthorized access?
A: Immediately change your password, revoke active sessions from the account dashboard, enable/rotate 2FA, and contact Support. If funds are at risk, escalate to the Security team as indicated in the Help Center.
Q: Can I use a hardware wallet with Uphold?
A: Yes โ Uphold supports integrations with popular hardware wallets for added security (verify support for specific features and assets in the Help Center).
Q: How does Uphold store private keys?
A: For custodial accounts, keys are stored using hardened key management practices in secure, audited vaults. For self-custody workflows, keys remain on your hardware device and are never shared with the platform.
Q: Is Uphold regulated?
A: Uphold operates under applicable regulatory frameworks in supported jurisdictions. Specific license and compliance details are available in the Legal & Compliance section of the website.
Glossary โ common terms
- 2FA
- Two-factor authentication: an additional verification step beyond password for account security.
- Private Key
- A secret used to authorize crypto transactions. Keep it offline and private.
- Seed / Recovery Phrase
- A human-readable list of words that can restore a wallet. Store it offline.
- Custodial vs Self-custody
- Custodial: provider holds private keys on behalf of users. Self-custody: user controls their private keys.
Legal, compliance & security audits
Uphold maintains documented compliance programs, third-party security audits, and ongoing penetration testing to maintain a secure platform. For enterprise customers, additional compliance reports and SOC documentation can be made available under NDA.