Zerodha new device login notification
The Zerodha new device login notification is an alert sent to your registered email and your current device the moment your correct Kite password is entered on a device Zerodha has not seen before, and before two-factor authentication is completed. It tells you that your login credentials have been entered on a new device, so you can confirm the login was yours or act quickly if it was not. The notification keys on the device, which is what separates it from the login-from-a-different-city alert that keys on IP location.
The detail that matters most, and that most clients miss, is the timing. Zerodha fires this notification “as soon as the correct password is entered on a new device before the 2FA is entered.” It does not wait for a successful login. The reason is deliberate: even if your second factor, your TOTP or app code, stops an intruder from getting in, the fact that the password was accepted tells you the password itself is known to whoever used that device. The alert is therefore a warning about your credential, not just a record of a completed login.
This article explains exactly what triggers the notification, why it arrives at the password stage rather than after login, how to tell a genuine own-login from an intrusion, the steps to secure the account if the login was not you, the quirk that different browsers count as different devices, and how this alert relates to the other login and 2FA alerts on a Zerodha account.
Conflict-of-interest disclosure. This guide is published by the WebNotes Editorial Team for informational purposes and is written independently. WebNotes operates a Zerodha account-opening referral programme, disclosed on the pages that carry the referral link; this guide does not carry it and earns no referral commission from the procedure described here.
What triggers the notification
The trigger is a password, not a device alone. When your correct Zerodha password is entered on a device that is new to your account, the notification goes out immediately. Zerodha’s documentation is precise that it fires “as soon as the correct password is entered on a new device before the 2FA is entered,” and that it “informs the user that their login credentials have been entered on a new device.”
This has a clear implication. A wrong password on a new device does not fire it; the notification is specifically about the correct password working on an unfamiliar device. So the alert is doing two jobs at once. If the login was you, it is a benign record. If it was not, it is telling you something important and uncomfortable: your password is correct in someone else’s hands. That distinction is why you should never dismiss this notification on autopilot.
Why it arrives before 2FA
Most people expect a login alert to confirm a completed login. This one fires one step earlier, at the password, and the reason is the threat model it is built for. Two-factor authentication is the wall that stops an attacker who has your password but not your second factor. If the alert only fired after a successful login, an attacker who had your password but was blocked by 2FA would generate no warning at all, and you would never learn your password had leaked.
By firing at the password stage, the notification surfaces the credential exposure regardless of whether 2FA holds. A blocked login still tells you the password is compromised, which is the cue to change it before the attacker also obtains your second factor. This is the same defence-in-depth thinking behind the multiple-incorrect-2FA notification, which warns you when someone is failing at the second factor. Together the two alerts cover both halves of a login: the password being known, and the second factor being attacked.
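The timing argument above can be checked with a small model. This is an added example, not Zerodha's code: the device identifiers, the "post_login" comparison design and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Attempt:
    device_id: str          # constructed identifier: one per app install or browser
    password_ok: bool       # was the correct password entered?
    second_factor_ok: bool  # was the correct TOTP / app code entered?

def process_login(attempt, known_devices, alert_stage="password"):
    """Return (logged_in, alerts) for one login attempt.

    alert_stage="password":   alert as soon as the correct password is accepted
                              on an unknown device (the behaviour described above).
    alert_stage="post_login": hypothetical design that alerts only after a fully
                              completed login, modelled here for comparison.
    """
    alerts = []
    new_device = attempt.device_id not in known_devices
    if not attempt.password_ok:
        return False, alerts      # wrong password: the new-device alert never fires
    if new_device and alert_stage == "password":
        alerts.append("new_device_login")
    if not attempt.second_factor_ok:
        return False, alerts      # 2FA blocks the login; earlier alert is kept
    if new_device and alert_stage == "post_login":
        alerts.append("new_device_login")
    return True, alerts

def compare_designs():
    """Run constructed scenarios through both alert placements."""
    known = {"laptop/firefox"}    # constructed: the owner's usual browser
    scenarios = {
        "owner, usual browser": Attempt("laptop/firefox", True, True),
        "owner, new browser": Attempt("laptop/chrome", True, True),
        "stranger, wrong password": Attempt("other-pc/chrome", False, False),
        "stranger, correct password, 2FA fails": Attempt("other-pc/chrome", True, False),
    }
    return {
        name: {stage: process_login(a, known, stage)
               for stage in ("password", "post_login")}
        for name, a in scenarios.items()
    }

if __name__ == "__main__":
    for name, by_stage in compare_designs().items():
        print(f"{name}: {by_stage}")
```

Only the last scenario separates the two designs: the login is blocked in both, but only the password-stage placement produces an alert, which is the sole signal that the password has leaked.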
How to verify it was you
Run through the situations where you yourself trigger the notification, because most of the time you are the cause:
- A new phone or tablet. Installing Kite on a new device and logging in is a textbook trigger.
- A reinstalled app. Deleting and reinstalling Kite, or a factory reset, makes the device look new even on the same hardware.
- A different web browser. Zerodha treats “Kite web sessions on different web browsers as separate devices,” so logging in on Chrome after using Firefox, or in a fresh browser profile or incognito window, fires it on your own computer.
- A cleared browser. Clearing cookies or browsing data can make a familiar browser present as new.
If the notification lines up with one of these, the login was yours and no action is needed. If it does not, that is, if you were not logging in anywhere when it arrived, treat it as a credential-exposure event and move to the security steps. A “Did you know” note Zerodha attaches to this alert is relevant here: per an NSE circular, brokers must store and share the device details used to place, modify and cancel orders, so the device record behind this alert is also part of the regulatory order-trail, not just a convenience.
Securing the account if it was not you
If you did not enter your password on a new device, your password is compromised, even if 2FA stopped the login. Zerodha’s instruction for an unrecognised login is unambiguous: “the password must be changed immediately to prevent the account from being compromised.” Do that first; see how to recover or reset your Kite password, which works on both the Kite app and Kite web.
Then close the gap that let the password matter. Enable TOTP if you have not, so that a password alone can never complete a login again: the attacker would also need a time-based code from your authenticator app. Review your active sessions from My profile and clear them so no logged-in session of the attacker’s survives the password change. If you see trades or fund movements you did not make, or you cannot regain control, raise a ticket with Zerodha and treat it as a security incident; cross-check the exchange trade SMS and the CDSL demat-debit SMS to see whether anything moved while the account was exposed.
How it relates to the other login alerts
Three alerts cluster around logging in, and each watches a different thing.
| Alert | Keys on | Fires when | Tells you |
|---|---|---|---|
| New device login notification | The device | Password accepted on a new device, before 2FA | Your password worked on an unfamiliar machine |
| Login from a different city | The IP location | A completed login from a new IP | Your account logged in from a new network or city |
| Multiple incorrect 2FA | The second factor | Repeated wrong 2FA entries | Someone is failing at your second factor; the account may be blocked |
Read together, they let you reconstruct what happened. A new-device notification with no different-city alert means the unfamiliar device was on your usual network. A new-device notification followed by a multiple-2FA notification means someone has your password and is now attacking the second factor, the strongest signal to change credentials at once. The shared-IP alert is a separate, surveillance-driven message and does not belong to this login-security cluster.
See also
- Zerodha
- Kite by Zerodha
- Kite web
- Zerodha Console
- Login from a different city alert
- IP address shared alert
- Multiple incorrect 2FA notification
- Zerodha trade SMS alerts
- How to recover or reset your Kite password
- How to reset 2FA on Zerodha
- How to set up TOTP on Zerodha
- How to recover a lost TOTP on Zerodha
- Kite app code: TOTP versus SMS OTP
- How to enable device lock on Kite
- How to enable biometric login on Kite
- How to unblock a Kite account
- How to revoke connected apps on Kite
- How to secure your trading account
- Zerodha cyber security
- Why a risk disclosure shows on every Kite login
- Zerodha hack and security incidents
- Is Zerodha safe
- How to change your mobile number on Zerodha
- National Stock Exchange
- SEBI
External references
- Zerodha support: Why was a notification sent for logging into Kite on a new device?
- Zerodha support: Why did I receive an email about login from different city?
- Zerodha support: Why was a notification sent for entering multiple incorrect Two Factor Authentication (2FA)?
- Zerodha security page
- SEBI investor website
References
- Zerodha support, Why was a notification sent for logging into Kite on a new device? (as of 21 June 2026).
- Zerodha support, Why was a notification sent for entering multiple incorrect Two Factor Authentication (2FA)? (as of 21 June 2026).
- NSE requirement that brokers store and share device details used to place, modify and cancel orders (referenced in Zerodha support documentation).