Be careful when creating an OTP certificate for an account that is at risk of hacking.

It is translated from @coinist

Recently, many security issues such as personal information leakage of Bithumb Exchange have occurred. Therefore, many people are using OTP (2-channel authentication).

However, there is one thing to keep in mind when setting up a new OTP. It is the code that is created when OTP is created. OTP settings can be made using QR codes or character codes as shown below.

If a hacker who hacked an exchange's account in the past has stored this OTP code in advance, then if you activate the OTP, Hacker will use the OTP through a OTP recovery process.
(If you do not activate the OTP account, you will know the code if you are going to activate it, but you will not be able to activate it yourself because it requires phone authentication and email authentication, but wait until the user activates OTP You can steal OTP, like a Trojan horse.

So if you want to activate OTP, please follow the steps below.

1.First activate the OTP in the normal way.

2.Deactivate the activated OTP.

3.Activate OTP again (this process will update the OTP recovery code, so the code the hacker has is useless).

It seems that the recovery code has changed before the OTP activation (whether it changes each time it logs in or changes each time it is activated) is still different for each exchange. I set up all exchanges OTP once.

If you activate a new OTP after the latest information exchange or hacking, please disable it and regenerate it.