# Security Notes
# SEED & Password
Before you create an account, you should know some important points about the Waves.Exchange wallet system. In Waves.Exchange wallet, there is no .dat file which keeps your private keys but a SEED which grants you access to them. The SEED is by default a string of 15 English words and basically your passphrase to your funds - if you lose your SEED, you lose access to your account.
We strongly encourage you to additionally back up the SEED on a piece of paper and store it in a safe place. The provided string of 15 English words is cryptographically extremely secure and with the current technology is unbreakable (the chance that someone can break a passphrase given by the client is 1:(2048^15)). Each and every SEED is only linked to one single Waves.Exchange account. Every digit, character, symbol and space counts - if there is one extra space, the SEED belongs to a different account. If there is a wrong symbol, the SEED belongs to a different account. If there is a spelling mistake, the SEED belongs to a different account.
⚠️ Do not forget to create a backup copy of the SEED phrase!
See how to do it:
The secret phrase can not be changed. If you accidentally sent it to someone or suspect that it was taken by fraudsters, immediately create a new Waves.Exchange wallet and transfer all funds to it. And don't forget to record the new secret phrase.
During the account creation, you will also be asked to generate a password for your address.
The password has two purposes:
It encrypts the SEED locally so the SEED is never sent to the network unprotected.
Your account will be cached so you don't have to import the SEED from new every time you want to log in. The password secures that only you can log into your account which is stored in the localstorage. If you happen to lose your password, you can simply delete the account from the localstorage, restore account by using your SEED.
Note: A lost password can be reset to recover the access to the account if you still have the SEED phrase.
# Personal Account
- To access your account, do not use browsers that have extensions and plug-ins installed, they can access your secret passphrase.
- Protect the account with a password.
- You use your wallet anonymously, your account is not tied to e-mail or to other identifying information.
- Password protects your account as part of a specific device or browser.
- Check whether the connection is in secure SSL mode - in the address bar of your web browser, you should see the closed lock icon (on the right or on the left, depending on the browser).
- As an additional way of protection you can use a Ledger Nano Device and/or Waves Keeper.
# General Notes
- Before you enter a secret phrase from your account or download the application, carefully look at the address bar of the browser and make sure that you are on the official resource of the company.
- Use the official software. Do not install unknown or hacked programs.
- Do not open emails or links from unknown senders.
- Regularly check for the operating system and browser updates.
- Do not use the your client in public WiFi or from someone else's device.