How can you enhance your account security? Right now, most of you have an account on Coinbase/GDAX that requires just your email and password to log in. Two security enhancements are to create a new email for your crypto exchange accounts (not use your main, personal email), and use a complex and different password for all of your accounts. But should you feel safe by just doing this? Well, what if a criminal obtains your email and password by either stealing the document that you wrote your password on or by phishing? (An example of phishing is when you open up an email from coinbasc.com with a link to reset your password and then you proceed by logging in with your email and password. By the time you realize that the link didn't take you to the actual coinbase.com website (note that the 'e' if a 'c'), the criminal that sent you the phishing email now has your email and password to steal all of your money!)
So how do you add another layer of security? With two factor authentication or 2FA! When you set up an account with 2FA, you are not just required your username/email and password to login but also a second piece of information. This second piece of information usually comes in the form of a code from a security token. At a set interval (about 30 to 60 seconds), this code will change which means you must have the device on hand to complete the 2FA. Therefore, if a hacker has your username/email and password, they will also need the code on your device to gain access to your account.
What is the best way to set up your 2FA? You could get your 2FA from SMS (text message), but hackers can intercept your code by pretending to have your phone number. It's best to use an app on your device, and I'll compare 2 of the top apps: Authy and Google Authenticator.
Authy vs Google Authenticator
Setting up 2FA on Coinbase is easy: navigate to 'Settings' > 'Security' > then scroll down a bit to 'Two-Factor Authentication'. You can either scan the QR code or type in the key manually to complete the set up. Refer here for details: Coinbase 2FA. Setting up 2FA on other exchanges is very similar.
Now, which 2FA is best? I've tried both and I prefer Authy. Here's why:
1) Multiple Devices
Authy supports multiple devices which means you can set up Authy on any of your devices (phone, tablet, computer), and obtain the code from any of them. With Google Authenticator, you are limited to only one device.
2) Lost Phone Recovery or New Phone Set Up
If you use Google Authenticator and lose your device, there is no way to recovery your 2FA accounts and receive your codes. Also, if you get a new phone, you will need to manually reset all your 2FA accounts and set up on your new phone.
If you get a new phone or lose your device with Authy, you can access your accounts on another device (with Authy multi-device set up), or regain access via Authy backup. In other words, lose your device with Google Authenticator and you lose access to all your accounts forever! Refer here for Authy backup details: Backup Authy
3) Supported Exchanges
Even if your crypto exchange account says, "Set up 2FA with Google Authnticator" and doesn't mention Authy, you can still use Authy. (I have used Authy for many accounts and have had ZERO issues)
Conclusion
Follow the steps above to deter hackers from stealing your money. (Recap: use new email/username, strong and different password, and 2FA with Authy.) In addition, check your email alerts and review your login/account history. Depending on the exchange platform, emails alerts will notify you if your account was accessed by a new device or location, or there were multiple failed login attempts. If you didn't cause the alert (i.e., didn't log in via new device or from a new location, or didn't mistype your password more than 10 times in a row), then your account is probably compromised. Therefore, change your password and potentially email/username. Also, if your login/account history doesn't match up with when you accessed your account (i.e., your login history says you logged in last week but you didn't access your account in a month), be sure to change your username/email, password, and reset your 2FA.
As the world continues to adopt cryptocurrency, hackers will have more incentive to steal from your accounts. Please ensure you are taking adequate security measures to keep your money safe!
Ready for more advanced tips? Come and join the picnic!
No comments:
Post a Comment