Skip to main content

Risk Warning: CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. 83% of retail investor accounts lose money when trading CFDs with this provider. You should consider whether you understand how CFDs work and whether you can afford to take the high risk of losing your money. Please click here to read our full Risk Warning.

79% of retail investor accounts lose money when trading CFDs with this provider.

Risk Warning: CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. 83% of retail investor accounts lose money when trading CFDs with this provider. You should consider whether you understand how CFDs work and whether you can afford to take the high risk of losing your money. Please click here to read our full Risk Warning.

79% of retail investor accounts lose money when trading CFDs with this provider.

Accounts and Security

Personal data is safeguarded through end-to-end encryption, secure storage, and strict access controls aligned with EU privacy standards. These measures work together to create a comprehensive security framework that protects user information at every stage: from the moment data is submitted during registration and verification, through its storage on secure servers, to any authorised access that occurs during account management or compliance review processes.

Encryption plays a central role in the platform's data security architecture. All data transmitted between the user's device and the platform's servers is protected using modern, industry-standard TLS encryption protocols. This ensures sensitive information — including personal details, login credentials, and financial data — cannot be intercepted or read by unauthorised parties during transmission. At rest, personal data is stored on secure servers protected by multi-layered physical and digital security, including advanced firewalls, intrusion detection systems, and redundant backup procedures that safeguard against data loss due to hardware failure or other technical incidents.

Access controls add a further layer of protection by strictly limiting who within the organisation can view or interact with user data. The platform operates on the principle of 'least privilege', meaning that employees and systems are granted access only to the specific data required to perform their legally mandated duties. All access is logged and monitored, creating an auditable trail that supports both internal oversight and regulatory compliance. The platform also conducts regular security audits, vulnerability assessments, and system updates to identify and address emerging threats proactively. Users can contribute to the security of their own data by enabling two-factor authentication, using strong, unique passwords, being cautious of phishing attempts, and avoiding accessing their accounts from unsecured public networks. Together, these platform-level and user-level measures create a robust and continuously evolving defence system that keeps personal data protected in accordance with the highest industry and regulatory standards.

The Company is responsible for handling personal data under applicable privacy laws, while users must protect their login credentials and account access. This shared responsibility model recognises that effective data protection requires commitment from both sides. The Company implements robust technical and organisational safeguards, while users take proactive steps to secure their own accounts and personal information from potential threats.

On the Company's side, responsibility for data protection is comprehensive and governed by strict regulatory frameworks. The platform is obligated to collect only the data necessary for legitimate purposes such as account registration, identity verification, and regulatory compliance. All collected data must be stored securely using encryption and access controls, processed in accordance with applicable privacy laws such as GDPR in Europe, and retained only for as long as required by regulatory or operational necessity. The Company is also responsible for notifying users and relevant authorities in the event of a data breach, maintaining transparent privacy policies that clearly explain how data is collected and used, and ensuring that any third-party service providers with access to user data adhere to equivalent security standards.

On the user's side, responsibility centres around protecting the access points to their account and personal information. This includes creating strong, unique passwords that are not reused across multiple services, enabling two-factor authentication for an additional layer of login security, keeping login credentials confidential and never sharing them with anyone, being vigilant against phishing attempts that impersonate the platform to steal personal information, and ensuring that devices used to access the trading account are secured with up-to-date software and reliable antivirus protection. Users should also log out of their accounts when using shared or public devices and report any suspicious activity to the platform's support team immediately. By fulfilling their respective roles in this shared responsibility model, both the platform and its users contribute to creating a secure environment where personal data is effectively protected against unauthorised access and misuse.

Data protection measures include end-to-end encryption, strict access controls, secure communication channels, and continuous compliance with EU privacy regulations. These safeguards are integrated into every aspect of the platform's daily operations, ensuring that personal data remains protected not only when it is first submitted, but throughout its entire lifecycle: during processing, storage, internal access, and any authorised communication between systems.

Encryption is applied and enforced at multiple levels of platform operations. Data transmitted between the user and the platform is secured using modern, industry-standard TLS encryption protocols, preventing interception during transit. Data at rest on the platform's servers is protected using advanced cryptographic standards that render it unreadable without the proper authorised decryption keys. Furthermore, strict Identity and Access Management (IAM) policies are enforced based on the principle of 'least privilege'. This ensures our employees can only access the specific data required for their roles (e.g. compliance reviews, customer support, or technical maintenance). Every access event is logged and monitored to maintain a transparent audit trail for regulatory oversight.

Secure communication channels protect data exchanges between the platform and its external partners — including payment providers, verification services, and regulatory reporting systems — ensuring that personal information is not exposed during routine operational processes. All third-party partners with access to user data are contractually required to maintain stringent security standards equivalent to those of the platform itself. Continuous security assessments, penetration testing, and system updates are conducted to identify potential vulnerabilities and address them before they can be exploited. Compliance with privacy regulations, such as GDPR and other applicable data protection frameworks, provides the overarching governance structure that defines how data must be collected, processed, stored, and eventually deleted. Together, these operational measures create a continuously maintained security environment that rapidly adapts to evolving and emerging threats while ensuring that user data is handled responsibly, transparently, and in full accordance with the highest industry protection standards.

A secure system uses encryption, authentication controls, and safety protocols to ensure that user data and transactions remain protected. In the context of online trading, where sensitive personal information, financial details, and real-time monetary transactions are processed continuously, a secure system is not a single feature but rather a comprehensive framework of interconnected technologies and procedures designed to defend against a wide range of potential threats.

Encryption forms the foundation of a secure trading system, protecting data both during transmission and while stored on servers. When a trader logs in, places an order, or initiates a financial transaction, all communication between their device and the platform's servers is encrypted to prevent interception by unauthorised parties. Authentication controls — including password protection, two-factor authentication, and session management — ensure that only verified account holders can access their accounts and perform sensitive operations. These controls work together to create multiple barriers that must be overcome before any unauthorised party can gain access, significantly reducing the risk of account compromise even if one layer of security is breached.

\afety protocols encompass the broader set of policies and procedures that govern how the platform responds to security threats, monitors for suspicious activity, and maintains the integrity of its systems. These include automated anomaly detection systems that flag unusual login patterns or transaction behaviour, real-time monitoring of platform infrastructure for signs of cyberattacks or technical intrusions, regular security audits and penetration testing to identify and address vulnerabilities, and incident response procedures that ensure rapid and effective action in the event of a security breach. The platform's systems are continuously updated to address newly discovered threats and evolving attack methods. Users also play an important role in maintaining a secure trading environment: enabling all available security features, using strong unique passwords, keeping their devices and software updated, and remaining alert to potential phishing attempts all contribute to strengthening the overall security of the system.

Personal data is collected through submitted documents, account details, and verification steps required to meet compliance and security standards. This data collection process follows a structured sequence that begins at the moment a user creates an account and continues through the identity verification stages, with each step gathering specific information necessary to establish a secure, compliant, and fully functional trading account.

During registration, users provide foundational personal details such as their full name, date of birth, e-mail address, phone number, and country of residence. This initial information is used to create the account profile and begin the onboarding process. As the user progresses to the verification stage, additional data is collected through the submission of official documents. Typically, that's a government-issued identity document such as a passport, national ID card, or driver's license, and in some cases, a proof of address document such as a utility bill or bank statement. These documents are used to confirm the user's identity, verify their residential address, and ensure that the account information matches the details on the official documentation.

Additional data may also be collected through the verification of payment methods, where users submit confirmation that their financial instruments — such as cards or bank accounts — are registered in their name. Throughout this process, all collected data is handled in strict accordance with applicable privacy regulations, which govern how information is gathered, processed, stored, and protected. The platform collects only the data that is necessary to fulfil its regulatory obligations and operational requirements. No unnecessary or excessive information is requested. Users have the right to understand how their data is being used and can typically review the platform's privacy policy for a detailed explanation of data collection practices, processing purposes, retention periods, and the rights available to them regarding their personal information.

User protection on Libertex includes security controls, compliance procedures, and technical safeguards designed to protect accounts and personal data. This multi-layered approach reflects the platform's commitment to creating a trading environment where users can participate in financial markets with confidence that their accounts, funds, and personal information are safeguarded by robust and continuously maintained protective measures.

Security controls form the first line of defence and include features that users interact with directly. These encompass strong password requirements, two-factor authentication that adds an extra verification step during login, automatic session timeouts that end inactive sessions to prevent unauthorised access, and encrypted connections that protect all data exchanged between the user's device and the platform's servers. On the compliance side, Libertex follows strict regulatory frameworks that mandate identity verification procedures, anti-money laundering screening, segregation of client funds from operational capital, and transparent disclosure of trading conditions, costs, and risks. These compliance measures ensure that the platform operates within established legal boundaries and that users' interests are protected by enforceable regulatory standards.

Technical safeguards operate behind the scenes to protect the platform's infrastructure and the data it processes. These include advanced firewalls, intrusion detection systems, real-time monitoring for suspicious activity, regular security audits, and redundant data backup procedures that protect against loss or corruption. The Company continuously evaluates and updates its security measures to address evolving threats and incorporate the latest protective technologies. Users are also encouraged to play an active role in their own protection: enabling all available security features, maintaining strong, unique passwords, staying alert to phishing attempts, and reporting any suspicious activity promptly. Libertex regularly communicates security best practices to its users and provides accessible support channels for reporting concerns, creating a collaborative approach to user protection where both the platform and its users contribute to maintaining a safe and trustworthy trading environment.

Libertex protects user data through encryption, controlled access, and compliance with applicable data protection regulations. These three pillars work together to create a comprehensive data protection framework that safeguards personal and financial information across every stage of the user's interaction with the platform: from initial registration through ongoing trading activity and account management.

Encryption ensures that all data remains secure both in transit and at rest. When users access the platform, submit documents, or perform financial transactions, the information exchanged between their device and Libertex's servers is protected by modern, industry-standard TLS encryption protocols that prevent unauthorised interception. Data stored on the platform's servers — including personal details, verification documents, and transaction records — is encrypted using advanced cryptographic methods that render it inaccessible without proper authorisation. This dual layer of encryption protection means that user data is shielded whether it is actively being transmitted or securely stored.

Controlled access policies govern who within the organisation can interact with user data and under what circumstances. The platform applies the principle of least privilege, ensuring that each team member has access only to the specific information required for their role. All data access is logged, monitored, and subject to regular audit reviews that verify compliance with internal policies and external regulatory requirements. Compliance with data protection regulations — such as GDPR and other applicable frameworks — provides the legal and procedural foundation that shapes how Libertex collects, processes, stores, and, when appropriate, deletes personal data. These protections extend to all third-party service providers that the platform works with, who are contractually required to maintain equivalent security standards. Regular security assessments, vulnerability testing, and system updates ensure that the platform's data protection measures remain effective against evolving threats. Users can further strengthen the protection of their data by enabling two-factor authentication, using strong, unique passwords, and remaining vigilant against phishing attempts and other social engineering tactics.

User data management refers to how personal information is collected, updated, stored, protected and archived in strict accordance with the GDPR and EU directives. It encompasses the full lifecycle of personal data on the platform: from the moment information is first collected during registration and verification, through its active use during the account's operational life, to its eventual archiving or deletion when it is no longer required for regulatory or operational purposes.

In practice, user data management on Libertex covers several key processes. Data collection is governed by the principle of data minimisation, collecting only what is necessary for account security, verification, and regulatory compliance. Once collected, data is organised and stored in secure systems with controlled access, ensuring it can be efficiently retrieved when needed for legitimate purposes — such as processing a verification request, responding to a support inquiry, or fulfilling a regulatory reporting obligation — while remaining protected from unauthorised access at all times.

Data updating is an equally important aspect of user data management. Users may need to update their personal information over time, for example, due to a change of address, a new identity document, or an updated payment method. The platform provides mechanisms for users to submit updated information, which is then validated and incorporated into the account record through the appropriate verification processes. Users typically have the right to request access to the personal data the platform holds about them, to request corrections if any information is inaccurate, and in certain circumstances to request deletion of their data, subject to the platform's regulatory obligation to retain certain records for prescribed periods. Libertex's data management practices are guided by applicable privacy regulations and are detailed in the platform's privacy policy, which users are encouraged to review for a comprehensive understanding of how their information is handled throughout their relationship with the platform.

Account security refers to the measures used to protect login access, transactions, and personal information associated with a user account. It encompasses a comprehensive set of tools, protocols, and practices — implemented by both the platform and the user — that work together to prevent unauthorised access, protect financial operations, and ensure the confidentiality of all data linked to the trading account.

On the platform's side, account security is maintained through multiple layers of technical protection. These include encrypted login connections that protect credentials during transmission, server-side security infrastructure that guards against external intrusion attempts, automated monitoring systems that detect unusual account activity in real time, and session management protocols that automatically terminate inactive sessions to prevent unauthorised use. The platform also implements secure authentication mechanisms, including support for two-factor authentication, which adds a critical second verification step that significantly reduces the risk of account compromise even if login credentials are exposed.

On the user's side, account security is strengthened by adopting responsible security practices. Users are encouraged to create strong, unique 'passphrases' (a long string of words) that combine letters, numbers, and special characters, and to avoid reusing passwords from other services. Enabling two-factor authentication is one of the most effective steps a user can take, as it ensures that a password alone is not sufficient to access the account. Regularly reviewing account activity for any unfamiliar transactions or login events, keeping devices and browsers updated with the latest security patches, and being cautious of phishing e-mails or messages that attempt to obtain login credentials are all essential habits that contribute to robust account security. If any suspicious activity is detected — such as unexpected login notifications, unrecognised transactions, or changes to account settings that the user did not initiate — it should be reported to the platform's support team immediately so that protective measures can be activated without delay.

Risk control refers to systems that monitor account activity to identify and limit potential security or compliance risks. These systems operate continuously in the background, analysing patterns in account behaviour — including login events, trading activity, financial transactions, and account setting changes — to detect anything that deviates from the user's established activity profile and could indicate a potential threat to account integrity.

In practice, risk control systems use a combination of automated algorithms and predefined rules to evaluate account activity in real time. When the system detects behaviour that falls outside normal parameters — such as a login attempt from an unfamiliar geographic location, an unusually large withdrawal request, a sudden spike in trading activity that is inconsistent with the account's history, or multiple failed authentication attempts — it can trigger a range of protective responses. These may include requesting additional verification before allowing the action to proceed, temporarily restricting certain account functions until the activity can be reviewed, sending an alert notification to the account holder, or flagging the event for manual review by the platform's security or compliance team.

The purpose of these automated risk controls is to catch potential issues early — before they can escalate into actual security breaches or compliance violations — while minimising disruption to legitimate account activity. The systems are calibrated to balance sensitivity with practicality, aiming to flag genuine threats without generating excessive false alerts that would interfere with normal platform use. For users, understanding that risk control mechanisms are actively monitoring their accounts provides reassurance that suspicious activity will be identified and addressed promptly. If a user encounters a temporary restriction triggered by the risk control system — such as a request for additional verification during a login or transaction — cooperating with the process promptly is the fastest way to restore normal access, as these interventions are designed exclusively to protect the account holder's interests and financial security.

Anomaly detection identifies unusual account activity that may indicate security risks or unauthorised access attempts. It is a specialised component of the platform's broader risk control framework that uses automated algorithms and pattern recognition to continuously compare current account behaviour against established baselines, flagging any activity that deviates significantly from what is considered normal for that particular user.

The system builds a behavioural profile for each account based on historical patterns — including typical login times and locations, usual device types and browsers, regular trading activity levels, and standard transaction sizes and frequencies. When an event occurs that does not fit this profile, the anomaly detection system flags it for further evaluation. For example, a login from a country where the user has never previously accessed their account, a series of rapid transactions that are inconsistent with the account's typical activity, multiple failed password attempts in quick succession, or a withdrawal request to a payment method that has not been used before could all trigger an anomaly alert. Each of these scenarios may be perfectly legitimate, but they could also indicate that someone other than the account holder is attempting to access or misuse the account.

When an anomaly is detected, the system can respond in several ways depending on the severity and nature of the flagged activity. Low-risk anomalies may simply be logged for review, while higher-risk events may trigger immediate protective measures such as requesting additional verification, temporarily restricting the flagged action, or sending a real-time notification to the account holder, alerting them to the unusual activity. This layered response approach helps protect users from potential threats while minimising unnecessary disruption to legitimate account use. Users who receive anomaly-related notifications should review them carefully and respond promptly, confirming the activity if it was intentional, or reporting it immediately if it was not. Keeping security features such as two-factor authentication enabled and maintaining consistent account usage patterns both help the anomaly detection system function more accurately and effectively.

Unauthorised access occurs when someone gains entry to an account without the account holder's permission. This can happen through a variety of methods — including stolen or guessed login credentials, compromised e-mail accounts used for password recovery, social engineering tactics such as phishing, or exploitation of weak security settings — and it represents one of the most serious threats to account safety in the online trading environment.

Unauthorised access can take many forms, ranging from a single unauthorised login to more damaging scenarios where the intruder attempts to modify account settings, place trades, initiate withdrawals, or extract personal information. In some cases, the account holder may not immediately realise that unauthorised access has occurred, particularly if the intruder is careful to avoid making obvious changes. Warning signs that may indicate unauthorised access include unrecognised login notifications or activity in the account history, changes to account settings or personal details that the user did not initiate, unexpected orders or positions appearing in the trading account, and withdrawal requests that the account holder did not submit.

The consequences of unauthorised access can be significant, potentially including financial losses, exposure of personal and financial data, and the disruption of ongoing trading activity. This is why both the platform and the user share responsibility for preventing it. On the platform's side, protective measures include encrypted login connections, two-factor authentication support, automated anomaly detection, session management controls, and real-time monitoring for suspicious activity. On the user's side, the most effective defences include enabling two-factor authentication, using a strong, unique password that is not shared with any other service, being vigilant against phishing attempts that try to trick users into revealing their credentials, and avoiding accessing trading accounts from unsecured public networks or shared devices. If a user suspects that unauthorised access has occurred or has been attempted, they should immediately change their password, enable or verify their two-factor authentication settings, and contact the platform's support team to report the incident and request a security review of their account.

Libertex uses security controls such as authentication checks, monitoring systems, and access restrictions to help prevent unauthorised access. These measures form a multi-layered defence framework designed to protect user accounts at every potential point of vulnerability — from the login process through to ongoing account activity and financial transactions.

Authentication checks are the first line of defence. The platform requires users to verify their identity through secure login credentials, and offers two-factor authentication as an additional security layer that requires a second form of verification — such as a time-sensitive code generated by an authenticator app or sent via SMS — before access is granted. This means that even if a malicious party obtains a user's password, they cannot access the account without also possessing the second authentication factor. The platform also enforces secure password standards and may prompt users to update their credentials periodically or after a potential security event.

Monitoring systems operate continuously behind the scenes, analysing login patterns, device fingerprints, geographic locations, and account activity in real time to detect behaviour that may indicate an unauthorised access attempt. If the system identifies suspicious activity — such as a login from an unfamiliar location, multiple failed authentication attempts, or unusual transaction patterns — it can automatically trigger protective responses, including additional verification requests, temporary account restrictions, or alert notifications sent directly to the account holder. Access restrictions further strengthen security by automatically ending inactive sessions through timeout protocols, limiting the number of consecutive failed login attempts, and ensuring that sensitive account operations such as password changes and withdrawal requests are subject to enhanced verification requirements. Together, these interconnected measures create a robust security environment that significantly reduces the risk of unauthorised access. Users can maximise the effectiveness of these protections by enabling all available security features, responding promptly to any security-related notifications, and reporting any suspicious activity to the platform's support team without delay.

Account protection includes authentication tools, monitoring systems, and user-controlled security settings. These three components work together to create a comprehensive security framework that safeguards user accounts from both external threats and potential vulnerabilities, ensuring that only authorised individuals can access and operate the account at all times.

Authentication tools provide the foundational layer of account protection. The platform supports secure password-based login along with two-factor authentication, which requires a second verification step, such as a one-time code, before access is granted. This combination ensures that even if login credentials are compromised, the account remains protected by an additional barrier that is extremely difficult for unauthorised parties to bypass. The platform may also employ device recognition and session management protocols that detect when an account is being accessed from a new or unrecognised device, triggering additional verification before allowing entry.

Monitoring systems add a continuous and automated layer of protection that operates around the clock. These systems track login activity, trading behaviour, financial transactions, and account setting changes in real time, comparing each event against the account's established behavioural baseline. Any activity that deviates from normal patterns — such as logins from unusual locations, unexpected withdrawal requests, or rapid changes to account settings — is flagged for further review and may trigger immediate protective actions. User-controlled security settings give traders the ability to actively participate in their own account protection. These include enabling or configuring two-factor authentication, setting strong passwords, managing trusted devices, and reviewing login history to verify that all access events are legitimate. Users are strongly encouraged to take full advantage of every available security setting and to review their account activity regularly. If anything appears unfamiliar or suspicious, changing the password immediately, verifying two-factor authentication status, and contacting the platform's support team are the recommended first steps to ensure the account remains secure.

Two-factor authentication adds an extra verification step during login, enhancing account security beyond a password alone. Often abbreviated as 2FA, this security feature requires users to provide two separate forms of identification before access to the account is granted, combining something they know (their password) with something they have (such as a mobile device that generates a one-time verification code). This dual-layer approach makes unauthorised access significantly more difficult, even if the account's password has been compromised.

In practice, 2FA works by adding a second checkpoint after the user enters their standard login credentials. Once the password is accepted, the platform prompts the user to provide a time-sensitive code. Typically, that's a six-digit number that is either generated by an authenticator app such as Google Authenticator or Microsoft Authenticator, or sent to the user's registered phone number via SMS. This code is valid for only a short period, usually 30 to 60 seconds, after which a new code must be generated. Because the code changes constantly and is tied to the user's specific device, an attacker would need both the password and physical access to the user's phone or authenticator app to gain entry, a combination that is extremely difficult to achieve.

With 2FA enabled, even if someone obtains your password through a data breach, phishing attack, or other means, they cannot access your account without also having access to the second authentication factor. This dramatically reduces the risk of unauthorised access and is widely regarded as one of the single most effective security measures available to individual account holders. For trading accounts — which contain sensitive personal information and financial assets — enabling 2FA is not just recommended but considered essential by security professionals across the industry. The setup process is typically quick and straightforward, requiring just a few minutes in the platform's security settings, and the small additional step during each login provides a substantial and ongoing improvement to overall account protection.

2FA works by requiring a second authentication factor, such as a one-time code, after entering login credentials. The process is designed to be simple and quick for the user while providing a substantial increase in account security. Each time a user logs in, they first enter their username and password as usual, and then are prompted to provide a verification code before access is granted.

The verification code is typically generated by an authenticator application installed on the user's mobile device, such as Google Authenticator, Microsoft Authenticator, or a similar app. These applications produce a new six-digit code approximately every 30 seconds, and the code is synchronised with the platform's security system so that only the current valid code will be accepted. Some platforms may also offer the option to receive the code via SMS to the user's registered phone number, though it's strongly recommended to use authenticator apps. App-based codes are considered vastly more secure because they do not rely on mobile network availability and are immune to SIM-swapping attacks.

Setting up 2FA on Libertex is a straightforward process that takes just a few minutes. Users navigate to the security settings section of their account, select the option to enable two-factor authentication, and follow the on-screen instructions — which typically involve scanning a QR code with the authenticator app to link it to the trading account. Once linked, the app begins generating codes that can be used immediately for the next login. During setup, users are often provided with backup recovery codes that should be stored securely in case access to the authenticator device is lost. It is important to keep these recovery codes in a safe place, as they serve as the fallback method for regaining account access if the primary device is unavailable. While the additional login step adds a few seconds to each session, the security benefit is substantial — making 2FA one of the most valuable protective measures available to any trader managing an active trading account.

2FA is important because it reduces the risk of unauthorised access even if login credentials are compromised. In today's digital environment, passwords alone — no matter how strong — are increasingly vulnerable to a range of threats, including data breaches at third-party services, phishing attacks, keyloggers, and brute-force cracking attempts. Two-factor authentication addresses this vulnerability by ensuring that a password is not the only barrier protecting the account.

The fundamental strength of 2FA lies in the principle of requiring two independent forms of verification from different categories. A password represents something the user knows, while the one-time code from an authenticator app or SMS represents something the user physically possesses. For an attacker to gain unauthorised access, they would need to compromise both factors simultaneously, which is exponentially more difficult than obtaining a password alone. Even in a worst-case scenario where a user's password is exposed through a data breach or a successful phishing attempt, the account remains protected because the attacker cannot generate the second authentication code without access to the user's physical device.

For trading accounts specifically, the importance of 2FA is amplified by the sensitive nature of the information and assets at stake. A compromised trading account could lead to unauthorised trades, fraudulent withdrawal attempts, exposure of personal and financial data, and significant financial loss. Given these potential consequences, the minor inconvenience of entering a verification code during each login is a remarkably small price to pay for such a significant increase in protection. Security professionals across the financial industry consistently rank 2FA among the most effective and accessible measures available to individual users, and many regulatory frameworks increasingly encourage or require its implementation. Users who have not yet enabled 2FA on their trading accounts are strongly encouraged to do so immediately. Setup takes only a few minutes, and the ongoing protection it provides is invaluable for maintaining the safety of both financial assets and personal information.

Secure login on Libertex relies on multi-layered authentication, encrypted data transmissions, proactive session monitoring and optional security features such as 2FA. These controls work together to ensure that every login attempt is processed safely and that only the verified account holder can access the platform and its associated financial functions.

The secure login process begins the moment a user navigates to the Libertex login screen. The connection between the user's device and the platform's servers is immediately secured using modern TLS encryption protocols, ensuring that all data transmitted during the login process — including the username and password — is protected from interception by unauthorised parties. Once the user submits their credentials, the platform's authentication system verifies them against the securely stored account records. Passwords are never stored in plain text; they are secured using advanced cryptographic hashing and salting, making them unreadable even in the highly unlikely event of a system compromise.

To maximise login security, it's strongly recommended to enable two-factor authentication, an additional verification step that follows the password check. The user is prompted to enter a time-sensitive code generated by their authenticator app or received via SMS, adding a second independent layer of security before access is granted. The platform also employs session management protocols that monitor the login for additional security signals — such as the device type, browser, geographic location, and time of access — and may prompt for additional verification if highly unusual activity, compared to the account's established patterns, is detected. Sessions are automatically terminated after a period of inactivity to prevent unauthorised access if a user forgets to log out. Users can further strengthen their login security by choosing long, unique passwords, enabling 2FA, avoiding logging in from public or unsecured networks, and always using the official Libertex website or application rather than links received through unsolicited messages.

Password encryption ensures that user passwords are stored securely using cryptographic methods rather than in a readable form. When a user creates or updates their password, the platform does not store the actual password itself. Instead, it applies an advanced cryptographic process known as hashing and 'salting', which transforms the password into a complex, irreversible string of characters. This means that the password exists in readable form only during the brief moment the user types it. Once processed, only the encrypted version is retained on the platform's servers.

The hashing process typically incorporates additional security techniques to further strengthen password protection. Salting, for example, adds a unique random value to each password before it is hashed, ensuring that even if two users choose the same password, their stored hashes will be completely different. This prevents attackers from using precomputed tables of common password hashes, known as rainbow tables, to reverse-engineer passwords in bulk. Modern hashing algorithms are also designed to be computationally intensive, meaning that even with significant processing power, attempting to crack a hashed password through brute force would require an impractical amount of time and resources.

This approach to password security means that even in the highly unlikely event of a server breach, the actual passwords of users remain unreadable and secure. Attackers would only obtain encrypted hashes that are extremely difficult to convert back into usable credentials. However, password encryption on the platform's side is only one part of the equation. Users play an equally important role when choosing a password. The Company strongly advise using a long, unique passphrase (a memorable sentence or series of words) rather than a short, complex password, and never reusing credentials from other websites. Changing passwords periodically and enabling two-factor authentication provide additional layers of protection that complement the platform's encryption measures and create a robust overall defence for the account.

Auto logout is a security feature that ends inactive sessions automatically to reduce the risk of unauthorised account access. When a user leaves their account open without interacting with the platform for a defined period of time, the system automatically terminates the session and requires the user to log in again before any further actions can be performed. This simple but effective mechanism provides an important layer of protection against a range of potential security threats.

The primary purpose of auto logout is to protect accounts from being accessed by unauthorised individuals who may gain physical access to an unattended device. For example, if a trader logs into their account on a work computer, a shared device, or a laptop in a public space and then walks away without manually logging out, the open session could be exploited by anyone who approaches the device. Auto logout mitigates this risk by ensuring that the window of vulnerability is limited to a defined period of inactivity, after which the session is closed, and full re-authentication is required to regain access.

Auto logout also helps protect against certain types of session hijacking attacks, where a malicious party attempts to take over an active session through technical means. By limiting the lifespan of each session, the platform reduces the time during which such an attack could be attempted. The timeout period is typically calibrated to balance security with user convenience, long enough that active traders are not interrupted during normal use, but short enough to provide meaningful protection during periods of inactivity. Some platforms allow users to adjust the timeout duration within their security settings, giving them the flexibility to choose a balance that suits their individual usage patterns. While having to re-enter login credentials after a timeout may feel like a minor inconvenience, it is a widely recognised security best practice that significantly reduces the risk of unauthorised account actions resulting from unattended sessions.

Session expiration means that a login session ends after a certain period of inactivity, requiring the user to log in again for security reasons. Every time a user logs into the platform, a session is created. It's a temporary connection between the user's device and the platform's servers that allows them to perform actions such as placing trades, managing positions, and accessing account information. Session expiration defines the maximum duration this connection can remain active without user interaction before it is automatically terminated.

The expiration timer resets each time the user actively engages with the platform: clicking buttons, navigating between sections, placing orders, or performing any other interactive action. However, if no activity is detected for the predefined timeout period, the system concludes that the user may have stepped away or forgotten to log out and automatically ends the session. At this point, the user is returned to the login screen and must re-enter their credentials — and complete two-factor authentication if enabled — before they can resume using the platform. Any unsaved settings or pending actions that were not confirmed before the session expired may need to be re-entered.

Session expiration is a security measure that works in conjunction with other protective features to create a comprehensive account safety framework. It is particularly valuable in situations where a trader accesses their account from a device that others might also use, or in environments where stepping away from the screen is common. While it may occasionally require re-authentication at inconvenient moments, this minor interruption serves the critical purpose of preventing unauthorised actions on an account that has been left unattended. Users who find themselves frequently affected by session timeouts may want to adjust their workflow to ensure they complete important actions without extended pauses, or check whether the platform offers configurable timeout settings that allow the duration to be customised within available security parameters.

An expiration date defines how long a session remains active before it automatically ends, helping protect accounts from prolonged unattended access. In technical terms, when a user logs in, the platform assigns a session token, a temporary digital credential that authenticates the user's connection and allows them to interact with the platform without re-entering their login details for every action. This token has a built-in lifespan, and once that lifespan is reached, the token expires, and the session is terminated.

There are generally two types of session expiration that work together. Idle timeout ends a session after a specific period of inactivity. For example, if no clicks, trades, or navigation events are detected for a set number of minutes. This protects against scenarios where a user walks away from their device without logging out. Absolute timeout sets a maximum total session duration regardless of activity. This means that even a continuously active session will eventually expire and require re-authentication. This second layer provides protection against session hijacking attempts by limiting the overall window during which a session token remains valid, and ensures that the user's identity is periodically re-verified through a fresh login.

When a session reaches its expiration point, the platform immediately invalidates the session token, meaning it can no longer be used to access account functions, even if someone attempts to use it. The user is redirected to the login screen and must complete the full authentication process again, including two-factor verification if enabled. This re-authentication step confirms that the person attempting to access the account is still the legitimate owner. While session expiration may seem like a technical background process, it plays a vital role in account protection by ensuring that no session remains open indefinitely. Users who want to maintain the best possible security posture should view session expiration as a helpful safeguard rather than an inconvenience, and should always log out manually when they have finished using the platform rather than relying solely on automatic expiration.

A session usually ends after a period of inactivity, manual logout, or when security rules require re-authentication. These three mechanisms work together to ensure that user sessions are managed securely and that access to the account is properly controlled throughout each interaction with the platform.

Inactivity timeout is the most common way sessions end during routine use. When the platform detects that a user has not performed any action — such as clicking, navigating, placing orders, or interacting with charts — for a defined period of time, the session is automatically terminated. This protects the account from being left open and accessible on an unattended device, which could create an opportunity for unauthorised access. The timeout period is calibrated to allow reasonable pauses during normal trading activity while still providing meaningful security protection during longer absences.

Manual log out occurs when the user actively chooses to end their session by clicking the logout button within the platform interface. This is the most secure way to conclude a trading session, as it immediately invalidates the session token and ensures that no further actions can be performed without a fresh login. Users are strongly encouraged to log out manually every time they finish using the platform — particularly when accessing their account from shared, public, or workplace devices where others may have physical access after they leave. Security-triggered re-authentication represents the third way a session may end. This can occur when the platform's security systems detect unusual activity during an active session, when a maximum absolute session duration is reached regardless of ongoing activity, or when certain sensitive account operations — such as changing a password or modifying withdrawal settings — require the user to re-verify their identity before proceeding. Each of these session-ending mechanisms contributes to a secure account environment where access is continuously validated and never left open longer than necessary.

Account structure defines how user accounts, balances, and permissions are organised within the platform. This organisational framework determines how a user's trading activities, financial operations, and account settings are arranged and managed, providing a clear and logical system that supports efficient trading, accurate record-keeping, and appropriate access to platform features based on the user's account type and verification status.

At its core, the account structure on Libertex encompasses several interconnected elements. The main account profile contains the user's personal information, verification status, and security settings. Connected to this profile are the financial components — including the account balance, available equity, used margin, and free margin — which are calculated and displayed in real time based on the user's deposits, withdrawals, open positions, and accumulated trading results. These financial metrics provide a continuous snapshot of the account's health and capacity, helping traders understand at a glance how much capital is available for new positions and how much is currently committed to existing trades.

Account permissions and feature access are also determined by the account structure. The level of functionality available to a user — including the ability to trade live instruments, access specific asset classes, make deposits and withdrawals, and utilise advanced platform features — may depend on factors such as the account type, the user's verification status, and applicable regulatory requirements in their jurisdiction. For example, a fully verified account with completed KYC procedures will typically have access to the full range of platform capabilities, while an account with pending verification may face certain restrictions until the process is complete. Users can review their current account structure, balance details, and available features through the account dashboard, which serves as the central hub for managing all aspects of their trading account on the platform.

Multiple trading accounts may be available depending on platform rules, verification status, and regulatory requirements. The availability of additional accounts is not universal. It is governed by a combination of the platform's internal policies, the regulatory framework applicable to the user's jurisdiction, and the specific conditions associated with the user's account type and verification level.

For traders who do have access to multiple accounts, this feature can offer several practical advantages. Separate accounts allow traders to organise their activity by strategy — for example, maintaining one account for longer-term positions and another for short-term trading — without the results and margin allocations of different approaches interfering with each other. Multiple accounts can also be useful for separating activity across different asset classes, testing new strategies in isolation from an established portfolio, or managing distinct risk profiles for different trading objectives. This organisational flexibility can make performance tracking, risk management, and financial planning more straightforward and transparent.

However, there are important considerations to keep in mind. All accounts held by the same user are subject to the same identity verification requirements, and each account must be registered under the user's verified personal details. Opening accounts under different names or using false information is strictly prohibited and constitutes a violation of both platform rules and regulatory standards. Users should also be aware that maintaining multiple accounts requires managing separate balances, margin levels, and open positions, which adds complexity to overall portfolio oversight. Before requesting additional accounts, users are advised to confirm the current platform policy regarding multi-account availability, understand any associated conditions or limitations, and ensure that their verification status supports the request. Contacting customer support is the most reliable way to obtain accurate and up-to-date information about the options available for their specific account and region.

Spam detection systems help identify and block suspicious or unsolicited activity related to accounts or communications. These systems operate as an automated layer of protection that continuously monitors the platform's communication channels, account registration processes, and user interactions to filter out unwanted activity before it can reach or impact legitimate users.

On the communication side, spam detection algorithms analyse incoming messages, e-mails, and contact form submissions to identify patterns commonly associated with unsolicited or malicious content. These patterns may include repetitive messaging, mass-generated content, suspicious links, known phishing templates, and communications originating from flagged sources. When the system identifies a message as likely spam, it is automatically filtered or blocked before it reaches its intended recipient, protecting users from exposure to potentially harmful or deceptive content.

At the account level, spam detection helps prevent the creation of fraudulent or automated accounts that could be used for malicious purposes such as identity theft, phishing campaigns, or manipulation of platform features. The system examines registration patterns — including the speed of account creation, the consistency of submitted information, and the behavioural characteristics of new account activity — to distinguish between genuine users and automated or fraudulent registrations. Accounts identified as suspicious may be flagged for manual review or blocked entirely before they can be used for harmful purposes. Users can also contribute to the effectiveness of spam detection by reporting any suspicious messages, communications, or account activity they encounter. Reporting helps the platform refine its detection algorithms and respond to emerging spam tactics more quickly. Staying cautious about unsolicited communications — particularly those requesting personal information, login credentials, or financial details — and verifying that all messages claiming to be from Libertex originate from official channels are important habits that complement the platform's automated spam detection efforts.

Phishing prevention includes user awareness, secure communication channels, and monitoring for fraudulent activity. Phishing is one of the most common and persistent threats in the online financial services industry. It involves fraudulent attempts to trick users into revealing sensitive information such as login credentials, payment details, or personal data by impersonating legitimate organisations through fake e-mails, websites, or messages. Libertex takes a proactive approach to combating this threat through a combination of technical measures and user education.

On the technical side, the platform employs several layers of protection against phishing attempts. All official Libertex communications are sent through verified and authenticated channels, making it easier for users to distinguish genuine messages from fraudulent ones. The platform's security systems actively monitor for the appearance of fake websites, impersonation attempts, and unauthorised use of the Libertex brand, taking swift action to report and shut down fraudulent sites when they are identified. The Company employs strict e-mail authentication protocols (such as DMARC, SPF, and DKIM) to prevent attackers from spoofing official company e-mail addresses, and the platform's login infrastructure is designed to resist credential harvesting by ensuring that authentication data is transmitted only through encrypted connections to verified servers.

User awareness remains the strongest defence in the fight against phishing. Libertex provides educational guidance to help users recognise the hallmarks of phishing attempts — such as unexpected e-mails requesting urgent action, messages containing suspicious links or attachments, communications asking for passwords or financial details, and websites with URLs that closely resemble but do not exactly match the official Libertex domain. Libertex will never ask the user for the password, the two-factor verification codes, or the full credit card details via e-mail, SMS, or phone call. Users are strongly advised to always verify that they are accessing the official Libertex website by checking the URL carefully, to never share login credentials or one-time verification codes with anyone — including people claiming to represent the platform — and to contact customer support directly through the official platform if they receive any communication that seems suspicious. Enabling two-factor authentication provides an additional safety net, as even if a phishing attempt successfully captures a user's password, the attacker would still be unable to access the account without the second authentication factor. If you receive an urgent message threatening account suspension or demanding immediate deposits, do not click the links. Instead, navigate to the platform manually or contact our official support team.

Official communication refers to messages sent through verified Libertex channels, such as the official website or registered contact methods. These channels represent the only legitimate sources of information, updates, and requests from the platform, and being able to identify them is an essential skill for protecting your account and personal information from phishing and other social engineering attempts.

Official Libertex communications are typically delivered through a defined set of verified channels. These include e-mails sent from registered and authenticated Libertex e-mail domains, in-platform notifications that appear within the user's account dashboard, announcements published on the official Libertex website, and messages sent through verified social media accounts that are linked from the official website. Customer support interactions initiated by the user through the platform's built-in support tools or official contact page are also considered official communications. Any response received through these channels as part of an ongoing support request can be trusted as legitimate.

Users should be cautious of any message or communication received outside of these verified channels — particularly unsolicited contacts through personal e-mail, social media direct messages, messaging apps, or phone calls from individuals claiming to represent Libertex. Legitimate platform communications will never ask users to share their password, two-factor authentication codes, or full payment card details, and they will never pressure users into making immediate deposits or taking urgent financial action. If a user receives a message that claims to be from Libertex but seems unusual, contains suspicious links, requests sensitive information, or creates a sense of urgency, they should not click any links or provide any information. Instead, the recommended course of action is to log into the official Libertex platform directly — by typing the URL manually into the browser rather than clicking any provided link — and check for any relevant notifications in the account dashboard, or contact customer support through the official channels to verify whether the communication is genuine.