Zerodha login alert geolocation account security IP address two factor authentication

Zerodha login from a different city alert

From WebNotes, a public knowledge base. Last updated . Reading time ~11 min.

The Zerodha login from a different city alert is an email, accompanied by a Kite app notification, that Zerodha sends when you log in to Kite from a city or IP address it has not seen on your account before. Zerodha judges location from the IP address of the login request, not from your physical position, so the alert is a prompt to confirm the login was yours, not a statement that someone has broken in. The decision you have to make on receiving it is binary: do you recognise this login, or not?

Most of the time the answer is yes, and the alert is a false alarm in the harmless sense. You travelled, or you turned on a VPN, or your phone switched from home wifi to mobile data, and your apparent IP location changed. Zerodha’s own documentation is explicit that “location may appear different from your physical location, even for genuine logins, because location is determined using your IP address.” The alert fires on the change of IP, and an IP change does not require anything sinister.

This article covers exactly what triggers the alert, why the city it names is often not the city you are in, the method Zerodha gives for confirming a login is yours, the benign causes that set it off, and the action steps when the login genuinely was not you. It also places this alert alongside the related new-device login notification and the shared-IP alert , which are easy to confuse with it.

Conflict-of-interest disclosure. This guide is published by the WebNotes Editorial Team for informational purposes and is written independently. WebNotes operates a Zerodha account-opening referral programme, disclosed on the pages that carry the referral link; this guide does not carry it and earns no referral commission from the procedure described here.

What triggers the alert

Zerodha sends the email “when you log in from a new city or IP address,” and pushes a parallel notification on the Kite app. The trigger is the IP address the login request arrives from. Zerodha “verifies location using the IP address from which the login request is made,” then maps that IP to a city. If the city or IP differs from your established pattern, the alert goes out.

This is why the alert is about location, not about the device. A login from your usual laptop on a hotel wifi in another city can fire it, because the IP changed even though the device did not. Conversely, a login from a brand-new device on your home network is handled by a different alert, the new-device notification, which keys on the device rather than the IP. Knowing which alert you received tells you what changed: city-alert means the network or location changed; new-device alert means the machine changed.

Why the city is often wrong

The single most common confusion with this alert is that the city it names is not the city you are sitting in. That is expected behaviour, not a bug. Location here is reverse-geolocation from an IP address, and an IP is assigned by your internet provider, which may register or route it through a different city. A user in Pune can see “Mumbai” because the broadband carrier’s IP pool resolves there.

Zerodha states the limitation directly: the displayed location “may appear different from your physical location, even for genuine logins, because location is determined using your IP address.” Two everyday triggers follow from this. A VPN deliberately routes you through an IP in another city or country, so a VPN login will almost always look foreign. And switching networks does it too: the alert “may appear even when switching between broadband and mobile networks that have different IP addresses.” If you read a wrong-city alert and your first thought is “but I have not left town,” check whether you changed connections or have a VPN running.

How to verify the login was you

Zerodha gives a concrete three-step check rather than asking you to guess. The method compares the IP in the alert against the IP you are actually using:

  1. Verify your own IP address by searching Google for “what is my IP”, which displays the public IP of your current connection.
  2. Compare that IP against the IP address shown in the email alert.
  3. If both IP addresses match, the login came from your own connection, and you can ignore the email.

The strength of this check is that it sidesteps the city-name confusion entirely. City names are a lossy translation of an IP; the IP itself is exact. If the IP in the alert is the IP you are using right now, the login was yours, whatever city label either side puts on it. If the IPs do not match, and you cannot tie the alert’s IP to a VPN, a recent network switch or someone you authorised, then you have a login you cannot explain, and you move to the security steps below.

When the login was not you

If the IP in the alert is one you cannot account for, treat the account as potentially compromised and act the same day. The standard account-security response, the one Zerodha applies across its unrecognised-access alerts, has three parts.

First, change your Kite password immediately, to invalidate the credential an intruder may hold; see how to recover or reset your Kite password . Second, clear all active sessions: click your user ID, open My profile, scroll down and clear all sessions, which logs out every device currently signed in, including the intruder. Third, enable TOTP so that a stolen password alone cannot get back in; a time-based one-time code from an authenticator app becomes a required second factor. If you cannot regain control, or you see trades you did not place, raise a ticket with Zerodha and treat it as an incident, not a query.

A login alert you cannot explain is also a reason to review the trade and demat alerts described in Zerodha trade SMS alerts . An intruder who logged in may have traded; the exchange trade SMS and the CDSL demat-debit SMS are your independent confirmation of whether anything moved.

Telling a genuine alert from phishing

The real alert is informational. It tells you a login happened and gives you the IP to check. It never asks for your password, your OTP or a payment, and it does not push you to log in through a link in the email. Phishing inverts this: a fake “suspicious login” email manufactures urgency and then asks you to click through and enter your credentials or an OTP on a look-alike page.

The safe habit is to never act on the email’s links. If a login alert worries you, open Kite yourself by typing the address or using your saved app, check your active sessions from My profile, and run the IP comparison. You verify the alert through the platform you already trust, not through anything the email hands you. This is the same discipline that defeats the stock-tip and account-recovery scams covered under Zerodha cyber security .

See also

External references

References

  1. Zerodha support, Why did I receive an email about login from different city? (as of 21 June 2026).
  2. Zerodha support, Why was a notification sent for logging into Kite on a new device? (as of 21 June 2026).
  3. Zerodha security and account-protection guidance, zerodha.com/security (as of 21 June 2026).

Related articles

Frequently asked questions

Why did I get an email from Zerodha about a login from a different city?
Zerodha sends this alert when you log in to Kite from a new city or IP address. Location is judged from the IP of the login request, not your physical position, so the alert can fire on genuine logins after travel, a VPN, or a network switch.
The city in the alert is wrong. Why does it show a place I am not in?
Location is derived from your IP address, not GPS. Your internet provider may route you through an IP registered to another city, so the displayed location can differ from where you physically are even on a perfectly genuine login.
How do I confirm the login was me?
Search Google for ‘what is my IP’, then compare the IP it shows against the IP in the email alert. If the two match, the login came from your own connection and you can ignore the email. If they do not match, treat it as suspect.
Does switching from wifi to mobile data trigger this alert?
Yes. Broadband and mobile networks carry different IP addresses, so moving between them can change your apparent location and fire the alert even though nothing is wrong. The same applies to turning a VPN on or off.
What should I do if I did not make the login?
Change your Kite password immediately, clear all active sessions from My profile, and enable TOTP so a password alone cannot grant access. If you cannot regain control, raise a ticket with Zerodha. Do not ignore a login you cannot explain.
Is the different-city email a phishing attempt?
The genuine Zerodha alert is informational and never asks for your password, OTP or a payment. If an email claims a strange login and then asks you to click a link and log in or share a code, treat it as phishing and go to Kite directly instead.
Can I stop the login-location alerts?
There is no toggle to disable them, and you should not want one; the alert is a security signal. If it fires often because you travel or use a VPN, learn to verify it quickly with an IP lookup rather than switching it off.

Reviewed and published by

WebNotes Editorial Team

The WebNotes Editorial Team covers Indian capital markets, payments infrastructure and retail investor procedures. Every article is fact-checked against primary sources, principally SEBI circulars and master directions, NPCI specifications and the official support documentation published by the intermediary in question. Drafts go through a second-pair-of-eyes review and a separate compliance read before publication, and revisions are tracked against the SEBI and NPCI rule changes referenced in the methodology section.

Last reviewed
Conflicts of interest
WebNotes is independent. No relationship with any broker, registrar or bank named in this article.