Your Clova account holds real financial value. Follow this comprehensive security checklist to ensure your funds are protected.
1. Enable Two-Factor Authentication (2FA)
This is the single most important security step. Go to Settings ? Security ? Enable 2FA. Use Google Authenticator or Authy (not SMS, which is vulnerable to SIM swapping). Save your backup codes offline.
2. Use a Strong, Unique Password
Minimum 12 characters with mixed case, numbers, and symbols. Never reuse a password from another service. Consider using a password manager like Bitwarden or 1Password.
3. Verify Withdrawal Addresses
Always double-check the destination address before confirming a withdrawal. Clova shows an address verification screen — read it carefully. Hackers often change one or two characters in copied addresses.
4. Monitor Login Activity
Check Settings ? Security ? Login History regularly. If you see logins from unknown devices or locations, change your password immediately and contact support.
5. Keep Your Device Secure
Use a screen lock on your phone. Don't install the Clova PWA on rooted/jailbroken devices. Keep your OS and browser updated.
6. Beware of Phishing
Clova will never ask for your password, 2FA codes, or seed phrases via email, chat, or phone. Our only official domain is clova.cc. If you receive suspicious communications, forward them to security@clova.cc.
7. Enable Withdrawal Whitelisting
Go to Settings ? Security ? Withdrawal Whitelist to restrict withdrawals to pre-approved addresses only. This prevents attackers from sending your funds to their wallets even if they gain access.