
Account Security Best Practices

Protecting your Rallies account helps keep your investment research private and secure.

Strong Password

Requirements

  • At least 8 characters
  • Mix of letters, numbers, and symbols recommended

Best Practices

  • Use a unique password - Don’t reuse passwords from other sites
  • Use a password manager - Tools like 1Password, Bitwarden, or Apple Keychain
  • Avoid personal info - Don’t use birthdays, names, or common words
  • Make it long - Longer passwords are stronger (12+ characters ideal)

Example of a Strong Password

Tr@ding2024!Secure

Better yet, use a random password generator:

k8$mP2nX@qL9vR4w

Enable Two-Factor Authentication (2FA)

2FA adds a second layer of security beyond your password.

How It Works

  1. Enter your password
  2. Enter a code from your authenticator app
  3. Only then are you logged in

Benefits

  • Even if someone steals your password, they can’t access your account
  • Protects against phishing attacks
  • Industry-standard security measure

Set up 2FA →

Social sign-in leverages the security of Google and Apple:
  • Google: Uses Google’s advanced threat protection
  • Apple: Uses Face ID/Touch ID for biometric security
Both are more secure than a simple password.

Link social accounts →

Recognize Phishing Attempts

Red Flags

  • Emails asking for your password (we never do this)
  • Urgent messages about “account suspension”
  • Links that don’t go to rallies.ai
  • Misspelled domains (raIlies.ai, rallles.ai)
  • Requests to “verify” by entering credentials

Safe Practices

  • Check the URL - Always verify you’re on rallies.ai
  • Don’t click email links - Go directly to the site instead
  • When in doubt, don’t - Contact support to verify
  • Report phishing - Forward suspicious emails to support
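
The "check the URL" advice and the misspelled-domain red flags above can be automated when triaging a suspicious email. The following is an added example, not Rallies' own code: it classifies where a link really points relative to rallies.ai. The `.example` hosts, the two-edit threshold, and treating subdomains of rallies.ai as trusted are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

TRUSTED = "rallies.ai"  # the legitimate domain named on this page


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'other' for the host a link really opens."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and port, and lower-cases the name,
    # so a capital "I" posing as "l" becomes a plain "i" here.
    host = (parts.hostname or "").rstrip(".")
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "trusted"
    # Trusted name used as decoration: "rallies.ai@host" or "rallies.ai.host".
    if TRUSTED in parts.netloc.lower():
        return "lookalike"
    # Judge the last two labels, so "login.rallles.ai" is compared as "rallles.ai".
    # Assumption: a two-label domain; a fuller check would use the Public Suffix List.
    candidate = ".".join(host.split(".")[-2:])
    # The threshold of 2 edits is an assumption chosen for this example.
    return "lookalike" if edit_distance(candidate, TRUSTED) <= 2 else "other"


# Constructed sample links (not taken from any real message).
SAMPLES = [
    "https://rallies.ai/settings",
    "https://raIlies.ai/login",
    "https://rallles.ai/verify",
    "https://rallies.ai@account-check.example/reset",
    "https://rallies.ai.account-check.example/reset",
    "https://news.example/markets",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):9}  {link}")
```

Links without a scheme (for example `rallies.ai/login`) have no parsed host and fall into "other", so pass the full URL as it appears in the message source.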

Keep Your Email Secure

Your email is the key to your account (password resets go there):
  • Use a strong, unique password for your email
  • Enable 2FA on your email account
  • Don’t share your email password with anyone

Session Security

Sign Out on Shared Devices

  • Always log out when using public computers
  • Don’t check “Remember me” on shared devices
  • Close the browser when done

Review Active Sessions

  1. Go to Settings → Security → Active Sessions
  2. Review devices logged into your account
  3. Click “Sign out” on any you don’t recognize

Suspicious Activity

Warning Signs

  • Login alerts from unknown locations
  • Password reset emails you didn’t request
  • Changes to your account you didn’t make
  • Missing watchlists or settings changes

What to Do

  1. Change your password immediately
  2. Enable 2FA if not already enabled
  3. Review active sessions and sign out unknown devices
  4. Contact support if you believe you were compromised

What Rallies Does to Protect You

Security Measures

  • Encryption: All data encrypted in transit (TLS) and at rest
  • Password hashing: We never store your actual password
  • Rate limiting: Protection against brute force attacks
  • Monitoring: Automated detection of suspicious activity
  • No SMS 2FA: We use app-based 2FA (more secure than SMS)

Our Commitments

  • We never ask for your password via email or chat
  • We never share your data without consent
  • We promptly disclose any security incidents

Security Checklist

Use this checklist to secure your account:
  • Strong, unique password (12+ characters)
  • Two-factor authentication enabled
  • Google or Apple sign-in linked (optional but recommended)
  • Recovery email verified and secure
  • Active sessions reviewed
  • Password manager in use