Back to Support
Essential

Protect your M9 account

Best practices to avoid phishing, scams and account theft.

1. Enable two-factor authentication

Use an authenticator app (Google Authenticator, Authy) instead of SMS. This blocks 99% of takeover attempts.

  • Prefer an authenticator app (Authy, Google Authenticator) over SMS.
  • Keep recovery codes somewhere safe and offline.
  • Never share your codes — not even with someone pretending to be support.

Pro tip

SIM swap is the most common attack against SMS 2FA. Always use an app.

2. Beware of off-platform messages

Never close deals outside M9. Official support never asks for your password, 2FA code or recovery in DM, chat or Discord.

  • Official support only talks inside the platform — never DM or Discord.
  • Links in messages are the #1 phishing vector. Don't click if unsure.
  • Password, 2FA code and recovery are private. M9 never asks for them.

Pro tip

Before clicking a link, copy and paste it into your browser to see the real domain.

3. Audit active sessions

Check Settings → Devices. End anything you don't recognize and rotate your password immediately.

  • Review your devices list at least once a month.
  • End old sessions you no longer use.
  • Turn on new-device login notifications in your dashboard.

Pro tip

Unexpected login from a foreign IP? End all sessions and rotate your password now.

Was this guide helpful?

Help us improve our help center.