Always Put 2FA on Your Exchange Accounts

in #bitcoin, 7 years ago

Lately there are more and more hacks and phishing attacks, and people are afraid of setting up 2FA because they think it will make things hard.

Sure, it makes you do one extra step when logging in or withdrawing, but it can save you money. Set it up on all exchanges that you use. I also hope one day it will be on STEEM somehow, but at least we have a recovery option here, so we are covered a little bit more than on usual wallets.

What is 2FA


Two-factor authentication. It means that to do something, it has to be checked two times, usually by a password and a generated token. The token can come by SMS, email or an auth app. And I suggest the auth app.

Email or phone can be hacked or hijacked. An auth app is a little bit harder, but of course possible.

Set It Up


Usually exchanges use Google Authenticator, so just download it. Now, since you can't back it up, a good idea is to install it on 2 different phones. Then load the app, scan the code that the exchange gives you, and you are set.

The best is to set this on login and withdrawals. If an exchange doesn't have this option - skip it!

I heard many "stories" that on certain exchanges people ALWAYS got "hacked" if they didn't set it up.

Do IT!

Don't be scared of technology, just do it. It will save you sometime in the future.


This also applies to Facebook, Gmail and many other sites. But exchanges hold your money that can be lost forever. Keep that in mind.

Follow, Resteem and VOTE UP @kingscrown creator of http://fuk.io blog for 0day cryptocurrency news and tips!


2FA is a requirement for anyone taking security seriously. You also need to make sure you backup your authenticator secret, so you don't get locked out by your own 2FA if you lose one device. This was very concise and well written.

Very good point. Another thing: if you keep your coins on an exchange, please withdraw them and keep them safe in a cold wallet (or hardware wallet -> trezor.io).

@crystalgeometry , I totally agree with you on this. @gold84

2fa is not the greatest security around still. It's still hackable. I don't know why you all are agreeing with this. https://www.theverge.com/2017/7/10/15946642/two-factor-authentication-online-security-mess

Well, da.

nice idea

@mohammedfelahi, I agree it is important to add the 2-factor authentication. This adds high security to our accounts. @gold84

Always! use 2fa.!

I agree, 2FA is a must. I recently started using the Google Authenticator and it's actually easier to use than getting a code by SMS, which can be hacked by social engineering access to your mobile phone account. However, I've heard some sites have a security flaw that allows hackers to bypass 2FA by using the password reset page. Someone with your user name and access to your email (many times your user name and email address are one and the same) can log in to a site by using the password reset feature, since many sites don't require 2FA for a password reset and log you in automatically after you reset the password. Best advice: don't keep coins/fiat on exchanges.

Another reason to avoid SMS 2FA is due to the well documented flaws in SS7 (Signaling System 7)

https://en.wikipedia.org/wiki/Signalling_System_No._7

Google Authenticator is hands down one of the best apps for 2FA

I also read today that Apple users are being extorted even though they have 2FA setup on their accounts:

http://wccftech.com/apple-icloud-ransomware-campaign/

Great pointers, thanks.

That Apple story is amazing and another message to website and app designers that 2FA can't work if you don't require it at all times. Giving access to account maintenance and password changing without 2FA is stupid!

I work in computer security and have seen a couple of websites which require 2FA on the surface, but do not actually check for the token, or offer a 'remember me' option which bypasses the 2FA. Businesses are more worried about the user experience (usability) than making the applications secure. They miss the point that if you get hacked, people definitely won't be using the website...

Yes. A false sense of security or a way to avoid blame when they are hacked. "We had 2FA."

Google Authenticator is not a good idea; if you lose your phone you will be in big trouble. Use Authy instead.

@kingscrown - Thank you for opening my eyes about 2FA. I tried it and was too lazy to use it. You have correctly pointed out that many people will find that extra step to be hard and ignore it. However, after reading your blog, I immediately went and updated 2FA security on all accounts and downloaded the Authy app.

Thanks. Upvoted full

regards

@vm2904

Get your purchase off the exchange seems prudent as well.. even more important.

Looking at exodus.io wallet lately; a universal wallet seems to be the real solution to much of this; should be far more secure than an exchange. And it will substitute for an exchange altogether, much of the time ;-)

Trezor is the next step after that.
Just expect to get hacked, I would say...

Just started using Exodus a few days ago, and I love it. It's functional, and very pleasing on the eyes. A top-notch program.

the Pillar wallet is currently being developed - it will be a one stop shop for holding, utilizing and connecting all your crypto. Seriously, check out the Pillar project...
https://pillarproject.io/

My personal data locker; the last uber-app I'll ever need.
Have to say, this seems very centralized authority driven; lots of talk about EU gov mandates.
Hum, maybe not my cup of tea, since it's still thinking in terms of centralized authority.

It's not good to have all the portfolio in one wallet: single point of failure.

Paper, hardware, software.
On the software side, sure is nice to RECEIVE 10 types of tokens with 1 wallet, and built in exchange means no need for outside exchanges, in many cases.
This, in my mind, adds a great deal of security to my life.
It certainly is easier to administrate.

I never even leave my tiny tokens there in the first place, I don't wanna be sniffing with my teeth

Yes, that is good advice. Well worth the extra effort to make it safer.

You should be careful though, SMS and call based 2FA can turn into a weak point due to mobile network flaws.
Steemit however is safe due to multi level keys and withdraw delay.

Well, different keys more precisely, rather than multi level, but true about withdrawal delays.