What is a Master Key?
A Master Key is an additional password that allows you to:
- Prevent an unwanted password reset, even if your email account is compromised (If enabled, the Master Key is required to reset your CryptWin Sign-In Password).
- Bypass Sign-in Two-factor Authentication (2FA) if you lose access to it (for this reason, Sign-in 2FA and Master Key should always be kept separate).
- Turn off the Global Settings Lock (GSL) immediately if enabled on your account.
Note: Master Key should not be confused with Sign-in Two-factor Authentication (2FA).
We recommend setting up a Master Key in combination with other security features.
What methods are available to use as your Master Key?
- YubiKey device (most secure): A USB device that you insert into your computer which generates a unique passcode every time you touch or tap the device. This unique passcode would be, in this case, your Master Key and it would change with every use.
- Authenticator app (moderately secure): Usually installed on a smartphone and generates a 6-8 digit passcode every 30 seconds. As with a YubiKey, this unique passcode would be your Master Key and would change with each use.
- Static password (least secure; not recommended): To be used if you want your Master Key to be a classic password of your choice. Being a static password that doesn’t change with each use, it’s less secure than the other options and should be long and complex enough not to be guessed.
How do I set up a Master Key?
- Sign into your CryptWin account.
- Click on your name in the upper-right corner of the page.
- Click on “Security”.
- Click on “2FA Settings”.
- Click the “On/Off” dial in the “Master Key” section and choose the method you want to use.
REMINDER: The Master Key should be kept separate from account sign-in information or any other 2FAs, as storing this information together would create a security threat to your account.
For example, if you use a YubiKey for Sign-In 2FA, then use an authenticator app or a different YubiKey for the Master Key.
How do I set up PGP/GPG encryption for my email?
Note: this is an optional security feature. You do not need PGP/GPG to use CryptWin.
Setting up PGP/GPG encryption for your email is a great way to keep your correspondence private and add an additional layer of security to your CryptWin account.
How to create a PGP/GPG key
One popular method for encrypting email is by using the Mozilla Thunderbird email client with the Enigmail plugin. The basic steps are:
- Download and install the Thunderbird client.
- Install GnuPG and the Enigmail plugin.
If you’re a macOS user, you can also try GPGMail, a GPG plugin for Apple Mail.
Once you’ve got everything set up, give us your PGP email key (under “Settings” in your account) and import our keys to your PGP program.
Setting up the Global Settings Lock (GSL)
The Global Settings Lock (GSL) is a security feature that:
- Prevents changes from being made to your CryptWin account.
- Hides sensitive account information.
Important: Before setting up a GSL, be sure to create a Master Key in case you change your mind. A Master Key has the ability to turn the GSL off at any time. CryptWin support is unable to expedite the GSL unlock process.
Note: While the Master Key override option can be convenient, it comes with an increased security risk if your Master Key is compromised.
How to set up the Global Settings Lock (GSL)
1. Sign in to your CryptWin account.
2. Click on your name in the upper-right corner of the page.
3. Click on Security > Global Settings Lock.
4. Set the required waiting period to unlock the GSL without a Master Key.
5. Click the blue “Activate Global Settings Lock” button, which will enable the Global Settings Lock and complete the setup.
You will be notified via email of any attempted unlock of the GSL on your account. The waiting period is the amount of time you’ll have to take action in the event of a compromise. However, it’s also the amount of time you’ll have to wait yourself if you lose your Master Key (or if you never set one up in the first place).
Warning: The Master Key can only be created before the GSL is turned on. Once GSL is on, you will not be able to create a Master Key as that is the entire point of the GSL.
Our support team is unable to assist with GSL removal if the unlock process is set between 1 and 30 days.
Password requirements and recommendations
These guidelines are designed to help you create a secure password for your CryptWin account.
- Minimum length is 8 characters, maximum is 128.
- Must contain at least one number.
- Must contain at least one special character (e.g. !, @, #, $ etc.) — spaces do not count.
- Cannot contain your username.
- If the password is less than 15 characters long, it cannot contain “common” words (e.g. common passwords or names).
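The rules above expressed as a validator, as an added example (not CryptWin's implementation). The word list is a constructed sample because the page does not publish the real “common” list, and the case-insensitive matching and the treatment of any non-alphanumeric, non-space character as “special” are assumptions.

```python
# Constructed sample; the real "common" word list is not given on this page.
COMMON_WORDS = {"password", "qwerty", "letmein", "dragon", "michael", "welcome"}


def check_password(password, username, common_words=COMMON_WORDS):
    """Return the list of violated rules; an empty list means it passes."""
    problems = []
    if len(password) < 8:
        problems.append("too short")
    if len(password) > 128:
        problems.append("too long")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    # Spaces do not count as special characters.
    if not any(not c.isalnum() and not c.isspace() for c in password):
        problems.append("no special character")
    lowered = password.lower()
    # Assumption: the username check ignores letter case.
    if username and username.lower() in lowered:
        problems.append("contains username")
    # The common-word rule applies only below 15 characters.
    if len(password) < 15 and any(word in lowered for word in common_words):
        problems.append("contains common word")
    return problems


if __name__ == "__main__":
    samples = [  # constructed inputs
        ("Password1!", "alice"),           # short and built on a common word
        ("Password1!-and-more", "alice"),  # same word, but 19 characters
        ("abc def 1", "alice"),            # a space is not a special character
        ("alice#2024xyz!", "Alice"),       # embeds the username
    ]
    for pw, user in samples:
        print(repr(pw), "->", check_password(pw, user) or "ok")
```

The second sample passes only because the common-word rule stops applying at 15 characters; length alone does not make a password built on a dictionary word hard to guess.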
Password security recommendations
- Do not use the same password as for your email account or any other service!
- Use a password manager such as KeePassXC to generate random passwords (ideally 64 characters or longer) and to keep your passwords safe from theft or forgetfulness.
If you do not want to use a password manager:
- The best passwords are usually nonsensical phrases with a few misspelled words, capital letters, numbers, or special characters thrown in, e.g. “figurativ should3#3 Hula-sing”.
- The phrase should be easy for you to remember, but hard for others to guess.
- Famous quotes should be avoided.
Be sure to also check our username requirements and recommendations.
Important: A good password is not enough to secure your account! It’s critical to take advantage of all of our security features, including a Sign-In 2FA for both your CryptWin account and for your email account.