Account security tips

We've compiled a couple useful tips below to help you keep your Tryst account safe and only accessibly by you.

Never respond to or click links in suspicious emails

Unfortunately many adversaries attempt to impersonate Tryst.link emails, usually making statements to try and get a fast reaction out of you by following a suspicious link. Thankfully, it is easy to check that an email is legitimately from us by following the steps at the article below.

Tryst will also never:

  • Use a URL shortener like bit.ly to obscure links in our emails to you.
  • Use a domain other than https://tryst.linkhttps://app.tryst.link, or https://help.tryst.link in our emails to you. Most email clients will let you hover over the link without clicking on it to see the actual address even if it shows as one of these in the email itself and if you are even slightly unsure, go to the website site directly instead of clicking the link.
  • Demand instant action (we will always provide a reasonable period of time for you to respond to an issue).
  • Email you from a general email provider like Gmail or Hotmail/Outlook.
How to check email legitimacy

Only ever sign in or provide sign in codes to Tryst.link pages

Lots of adversaries try to impersonate Tryst.link’s login pages to try and trick you into handing over your username and password. Only ever log in to Tryst.link from https://app.tryst.link/log_in. Any other URL is fake and attempting to steal your data.

You can check what URL you are at by clicking on your browsers URL bar and looking at what is shown. Our links won’t include extra numbers or letters at the end or come from any other domain, no matter how similar it may look.

Even slightly unsure? Don’t fill in your details and instead type https://tryst.link/ into your browser URL bar and click the Login button.

Use a different email address for your profile and account

Your profile contact email (the one shown to clients) and account email (the one you use to log in) can be different. Because your account email is never shown to anyone except the Tryst Team, using a separate one to your profile email can help you immediately identify when someone is trying to impersonate us because they emailed the wrong address.

We will only ever send notifications and account updates to your account email.

Always set a strong, unique password

We've got a whole section on setting good passwords on your Tryst account that we recommend you check out. Having a strong, unique password is one of your best ways to prevent others accessing your account.

Password recommendations

My password has appeared in a data breach, what does this mean?

Use a password manager to help you generate strong passwords

Creating a unique password for every site makes it hard to remember all those passwords so rather than setting weaker passwords, reusing them, or following a pattern that can be guessed you should use a password manager. These can generate strong, unique passwords for you so you only need to remember the one strong password to lock and unlock the app.

Some popular options include 1PasswordEnPass (free option available), Bitwarden (free for personal accounts), and Dashlane (free option available).

Enable MFA to protect your account

Multi factor authentication (MFA) is the number #1 way to protect your account from being accessed by someone other than yourself. When you enable MFA on your account, you are telling us to only accept a login to your account where the login provides the thing you know (your username and password) and the thing you have (your short lived login code, Yubikey, fingerprint, etc.). Now to take over your account the attacked needs to also get hold of the device that you user to authenticate your login, whether that is a hardware device (like a Yubikey) or a software device (like a code generator app on your phone). This makes it far harder for them to succeed.

What is multi factor authentication (MFA) and why should I use it?

Setting up MFA on my account

Always log out when using a shared computer

Most browsers will remember your login sessions, even after your close the tabs or windows you where using. If you are using a shared machine we recommend not checking "remember me" at login, and making sure you always log out of our account when you are finished using Tryst. This ensures that someone can't open a browser and have immediate access to your account.