Lock down your Shuffle account: 2FA, anti-phishing codes, withdrawal whitelist.

Autenticação de dois fatores (2FA)

Once enabled, you'll enter a 2FA code at login and again when confirming withdrawals. O código prompt appears after the standard username and password step.

1. Go to Account Settings. Select Security.
2. Under Two-Factor Authentication, clique Enable.
3. Open Google Authenticator, Authy, or your TOTP app of choice. Toque the + icon to add a new account.
4. Scan the QR code shown on Shuffle's screen, or enter the manual key if your app doesn't support scanning.
5. Enter the six-digit code generated by your app to confirm setup.
6. Save your backup codes somewhere offline. These let you recover access if you lose your phone.

Código anti-phishing

Phishing attacks typically involve fake emails that look identical to official casino communications but link to malicious sites. Shuffle counters this with a custom anti-phishing code: you set a short word or phrase in your security settings, and every legítimo Shuffle email will display this code at the top.

If you receive an email claiming to be from Shuffle and it doesn't show your anti-phishing code, it's fake. Delete it and don't clique any links.

To set it up: Account Settings, Security, Anti-Phishing Código. Choose something memorable but not guessable. O código starts appearing on all Shuffle emails within minutes of saving.

Withdrawal address whitelist

The withdrawal whitelist means you pre-approve specific endereço de carteiraes in your configurações da conta. Once enabled, Shuffle will only process withdrawals to those addresses. A request to any other address will be blocked, even if the attacker has your login credentials and 2FA code.

For most players, this means adding the one or two wallets you regularly use. Addresses can be managed in Account Settings under Security. Adding a new address triggers a confirmation email to your se cadastrared address and a time-delay before it becomes active (Shuffle uses this delay to give you a window to cancel if the addition was unauthorised).

The whitelist is the strongest of the three security tools because it limits the damage of a full account compromise. Even with everything else, funds can only go to your pre-approved address.

Password and email security hygiene

The three Shuffle-native security tools work best alongside good general hygiene: a unique password used only at Shuffle (a password manager makes this fácil), a dedicado email address for the account, and avoiding logging in on shared or public devices.

Shuffle's official domain is shuffle.com. The support email is accessible via chat ao vivo, and the deposit address shown in o caixa changes with each new deposit request as is standard for carteira criptos. If you ever receive an email asking you to send cripto directly or to entrar via a link that doesn't resolve to shuffle.com, treat it as a phishing attempt.

Após o vazamento de dados de outubro de 2025: contexto

In October 2025, Shuffle's third-party CRM provider Rápido Track was compromised, exposing personal data including names, emails, addresses, phone numbers, and transaction histories for the majority of Shuffle users at the time. Passwords, login credentials, and player funds were not compromised in the breach.

The practical takeaway for current players: if you se cadastrared before late 2025, your personal details may be in the wild. The risk vector is targeted phishing using that data. The anti-phishing email code and 2FA combination significantly reduces that risk. Shuffle recommended enabling 2FA immediately after the breach was disclosed. If you haven't done it yet, do it now.