Help · Account & security
Your account, your keys.
Friendly is passwordless. Sign-in uses a one-time code; the heavier guardrails (passkeys, 2FA, session management) layer on top.
Sign-in methods
- Phone OTP — a one-time code sent by SMS. Single-use, expires in minutes.
- Email OTP — a one-time code sent to your inbox.
Passwords aren't used anywhere on Friendly — there's nothing to leak.
Passkeys & 2FA
Passkey sign-in is rolling out as a stronger alternative to OTP (your device proves identity to Friendly via WebAuthn, no shared secret). When available, enable it from Privacy & data → Active sessions. Until then, OTP delivery itself counts as a possession factor.
For high-stakes accounts you can also enroll an authenticator-app code (TOTP) as a backup factor; we'll expose this in the app's settings as 2FA ships.
Active sessions
The Active sessions screen lists every device currently signed in to your account — the device on hand is marked as the default. Sign out of any session remotely if a device is lost, sold, or just no longer yours.
If you lose access
Lost the phone, changed numbers, or can't receive your OTP? Email support@friendly.mobi from a recovery address you used during sign-up. We'll verify ownership against signals already on the account (registered email, recent device fingerprint, recent transaction activity) and reissue access — typically within one business day.
We never ask you to send your OTP or any verification code over email. Anyone who does is impersonating us.
Phishing & impersonation
Spotting a real Friendly message:
- Genuine sender domains are @friendly.mobi or @tanvrit.com. Anything else (.net, .co, look- alike Cyrillic letters) is not us.
- We will never ask for your OTP, password, recovery code, or wallet PIN — by email, DM, phone, or in-app message.
- Genuine emails about payments, deletions, or account changes always link to
https://friendly.mobi— not a redirect through a third-party domain. - Inside the app, the privacy badge on a 1:1 conversation guarantees end-to-end encryption — a real Friendly support rep will not appear there unsolicited.
If you think you received a phishing attempt, forward the message to security@friendly.mobi with full headers — we publish each pattern so other users can recognise it.
Deleting your account
You can request account deletion at /account/delete. We'll confirm by email, retain only what we legally must (tax/financial records), and remove the rest. Encrypted message contents we never had access to are unrecoverable for anyone — including us.
Next
- Privacy & safety — block, report, what we never do.
- Security overview — the wider picture.
- Specific question? Email support.