Always Use 2Fa For Your Exchange Accounts

akram143

full member

Activity: 1106

Merit: 166

★777Coin.com★ Fun BTC Casino!

Quote from: Daffadile on August 28, 2019, 07:19:06 PM

Quote from: Pmalek on August 28, 2019, 01:13:06 PM

Quote from: jjbanks994 on August 28, 2019, 01:06:45 PM

Thank you for your advice. Do we believe that 2FA is strong enough though? I thought that is what became compromised during the Binance hack

During a hack of a exchange it is usually the accounts that don't have 2FA enabled that get emptied. Those that do are safe. The only way to bypass 2FA is to replicate the SIM card and get the 2FA codes sent to the duplicated SIM card.

I am not sure how someone would hack your F2A, somehow reroute the code to the hacker somehow? I think F2A is pretty safe. Ledger is basically an advanced F2A and the new mewconnect also acts as an advanced F2A
I am not sure if anyone has ever been hacked using F2A. It would be interesting to find out. Maybe someone who knows more then us can answer us?

Third party authentication recorded hacked and there are some ways to hack it actually.

4 Methods to Bypass two factor Authentication

tbct_mt2

hero member

Activity: 2366

Merit: 838

2FA is not enough to secure your accounts, and more importantly secure your accounts on exchanges by yourself is not enough. Exchanges can be hacked, and you are unable to secure exchanges by yourself.
In a nutshell, activating your 2FA on exchanges is good step to enhance your accounts and your funds store on exchanges if you want to trade.
Whenever you don't have plans to trade, ie. when market turns into long-term bearish market, you should withdraw your funds from exchanges.
There you go:
Newbies - Read before using exchanges or investing
Electrum wallet - Update safely and avoid phishing wallets?

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: Daffadile on August 28, 2019, 07:19:06 PM

I am not sure how someone would hack your F2A, somehow reroute the code to the hacker somehow? I think F2A is pretty safe. Ledger is basically an advanced F2A and the new mewconnect also acts as an advanced F2A
I am not sure if anyone has ever been hacked using F2A. It would be interesting to find out. Maybe someone who knows more then us can answer us?

You mean 2FA, right? He is talking about SMS based 2FA, which is a terrible idea. Have you never seen this? https://medium.com/coinmonks/the-most-expensive-lesson-of-my-life-details-of-sim-port-hack-35de11517124

Daffadile

hero member

Activity: 1162

Merit: 500

CryptoTalk.Org - Get Paid for every Post!

Quote from: Pmalek on August 28, 2019, 01:13:06 PM

Quote from: jjbanks994 on August 28, 2019, 01:06:45 PM

Thank you for your advice. Do we believe that 2FA is strong enough though? I thought that is what became compromised during the Binance hack

During a hack of a exchange it is usually the accounts that don't have 2FA enabled that get emptied. Those that do are safe. The only way to bypass 2FA is to replicate the SIM card and get the 2FA codes sent to the duplicated SIM card.

I am not sure how someone would hack your F2A, somehow reroute the code to the hacker somehow? I think F2A is pretty safe. Ledger is basically an advanced F2A and the new mewconnect also acts as an advanced F2A
I am not sure if anyone has ever been hacked using F2A. It would be interesting to find out. Maybe someone who knows more then us can answer us?

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: jjbanks994 on August 28, 2019, 01:06:45 PM

Thank you for your advice. Do we believe that 2FA is strong enough though? I thought that is what became compromised during the Binance hack

During a hack of a exchange it is usually the accounts that don't have 2FA enabled that get emptied. Those that do are safe. The only way to bypass 2FA is to replicate the SIM card and get the 2FA codes sent to the duplicated SIM card.

jjbanks994

jr. member

Activity: 255

Merit: 3

Thank you for your advice. Do we believe that 2FA is strong enough though? I thought that is what became compromised during the Binance hack

OcTradism

hero member

Activity: 1722

Merit: 801

Quote from: Furryball on August 17, 2019, 01:00:30 PM

The best 2FA app is Authy because of its backing optiona that you cant find on google Auth app,once google auth app is broken its goodbye to all your auth codes and you will lose access to your exchange account

The best one, Authy or whichever app, will not totally protect you from threats, if you are carelesly using your devices and not carefully backup your 2FA codes, and store backups safely.

Furryball

member

Activity: 490

Merit: 19

The best 2FA app is Authy because of its backing optiona that you cant find on google Auth app,once google auth app is broken its goodbye to all your auth codes and you will lose access to your exchange account

OcTradism

hero member

Activity: 1722

Merit: 801

Important note:

2FA is essential for your important accounts. Sure, you have to activate 2FA feature for your accounts.

Steps to secure your accounts and money with 2FAs:
- Creating account.
- Don't send money to new registered account.
- Activating 2FA feature (write down 2FA codes before clicking on button to activate that feature)
- Uninstall 2FA softwares or create a new account in that software with 2FAcode backup
- Using that 2FA code backup and try to log in your account to check that you write down 2FA code correctly or not.

If you can log in your account, it means you write down 2FAcode correctly, and you will be safe next time by using this in case you lose your phones.

It is dumb to backup 2FA code, but write it down incorrectly and not recheck/ retest it, and backup is pointless in case you lose your phones.

Dread Pirate Roberts

sr. member

Activity: 1512

Merit: 326

Using 2fa is very necessary because hackers will most likely be able to get into our account by cracking our passwords or misuse of our data on the internet. 2fa prevents the first stage of a hacker if he manages to get an access password from the account itself.

Rose_btc

member

Activity: 96

Merit: 22

Quote from: jossiel on August 06, 2019, 11:26:41 PM

I've received various notifications that one of my exchange account (no balance) has been attempting to log in different countries. I might be ignorant before of logging in some forms before but now I'm more careful.

2FA really helps for me, I use google auth and at the same time if the exchange you use has other 2FA option, do it. Also be careful in websites that you sign up.

I would like to highlight one more thing it is always better to have 2FA enabled on our Email accounts as well. As rest password or withdrawal confirmations of few exchanges are done through email.

jossiel

hero member

Activity: 3150

Merit: 636

DGbet.fun - Crypto Sportsbook

I've received various notifications that one of my exchange account (no balance) has been attempting to log in different countries. I might be ignorant before of logging in some forms before but now I'm more careful.

2FA really helps for me, I use google auth and at the same time if the exchange you use has other 2FA option, do it. Also be careful in websites that you sign up.

Culiva

newbie

Activity: 11

Merit: 0

Quote from: Raymondavid47 on July 16, 2019, 05:44:43 PM

Recently I have been receiving emails that someone is login in into some of my exchange accounts that I didn't activate my 2fa settings. Although I don't have money In them, but now I see how unsecured they are without the 2fa settings being activated. So my advice to you is to activate your 2fa settings in any exchange you are trading on to avoid unwanted entries or hacking. Be safe

Dont forget your recovery phrase too,in case someting happens to your device.

OcTradism

hero member

Activity: 1722

Merit: 801

Quote from: Lucius on July 18, 2019, 08:30:33 AM

It is true that using 2FA is provide extra security, but as other say it is not something that is 100% safe. In some cases of hacking user 2FA is just bypassed, and then user ask how something like that is possible. Hackers always work on cracking such security services because they know most users think that 2FA is some kind of ultimate protection.

I do think that 2FA is good, and play key roles to protect exchange's user accounts, beside security of users' devices. However, only 2FA of exchange account is not enough.
I do think that crypto investors/ traders should do two-hierarchial 2FA protections:
- One for their exchange account.
- One for their email that used to register account on exchange.
It is very important to do this step:
- Don't log in exchange account and emails on same devices.
Example:
If you have an email that always log in on your phones/ tablets, whatever, you should not log in your exchange account on that device.
Hackers can hack one of your devices, but it is too rare to hack all of your devices.
Personally, I never log in my emails / exchange accounts on mobile devices, just for security, and just in case.
(Hackers can hack my mobile devices, when my kids play on my phones, and unintentionally do stupid things, but they will get nothing, because I don't store any private details on my phones).

Little Mouse

legendary

Activity: 2156

Merit: 2100

Marketing Campaign Manager |Telegram ID- @LT_Mouse

Even 2FA isn't secure these days, although there's no more safe way to protect your account. In bittrex (probably, can't remember the name), someone lost his 2k EUROS even though he had 2FA set.

CryptoInsights

member

Activity: 141

Merit: 19

I would like to highlight one think "Please check the URL of the browser before entering the credentials and 2FA". I had faced this once, where I was login in to an exchange and the URL was changed(I had not noticed) and I had entered my credentials and 2FA and was hacked. When I noticed that the URL was wrong, I logged off but, I was hacked Undecided

Please be careful while login. Keep stronger password and please do enable 2FA.

harizen

legendary

Activity: 3122

Merit: 1398

For support ➡️ help.bc.game

Quote from: Raymondavid47 on July 16, 2019, 05:44:43 PM

Recently I have been receiving emails that someone is login in into some of my exchange accounts that I didn't activate my 2fa settings. Although I don't have money In them, but now I see how unsecured they are without the 2fa settings being activated. So my advice to you is to activate your 2fa settings in any exchange you are trading on to avoid unwanted entries or hacking. Be safe

Did they successfully log in to your accounts or just an attempt?

At most of the cases, even without an activated 2FA, there should be some necessary steps required before a successful login like email or phone confirmation especially in an unrecognized device or IP.

And ever wonder why those hackers know that you have an account at the specific exchange? Stay out joining a mailing list at random sites.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

It is true that using 2FA is provide extra security, but as other say it is not something that is 100% safe. In some cases of hacking user 2FA is just bypassed, and then user ask how something like that is possible. Hackers always work on cracking such security services because they know most users think that 2FA is some kind of ultimate protection.

I just read how hackers can bypass 2FA by using phishing, and I will quote most interesting part :

Quote from: https://fortune.com/2019/06/04/phishing-scam-hack-two-factor-authentication-2fa/

The hack employs two tools, called Muraena and NecroBrowser, which work in tandem to automate the attacks. The two tools work together like the perfect crime duo. Think of Muraena as the clever bank robber, and NecroBrowser as the getaway driver.

Muraena intercepts traffic between the user and the target website, acting as a proxy between the victim and a legitimate website. Once Muraena has the victim on a phony site that looks like a real login page, users will be asked to enter their login credentials, and 2FA code, as usual. Once the Muraena authenticates the session’s cookie, it is then passed along to NecroBrowser, which can create windows to keep track of the private accounts of tens of thousands of victims.

So when it comes to crypto exchanges users should be especially careful how they use 2FA, it can be safe until the moment when you run into the trap like posted above.

Kakmakr

legendary

Activity: 3542

Merit: 1965

Leading Crypto Sports Betting & Casino Platform

Quote from: DdmrDdmr on July 17, 2019, 04:11:41 AM

Quote from: mk4 on July 17, 2019, 04:02:26 AM

<…> Also, use Google 2FA and not Authy.

What do you find specifically wrong with Authy to discourage its use?

I personally went from Google 2FA to Authy in order to be able to clone my 2FA setting on multiple devices in case my phone was either stolen or ended up broken. Of course you should also keep the backup code provided by each site, but I find Authy’s backup feature interesting.

Arguably, one could also vouch precisely against this feature, since the backup feature itself, even if encrypted as it is, could potentially be exploited at some point.

Well, Authy has been exploited before, see this : https://99bitcoins.com/which-cryptocurrency-sites-are-impacted-by-authy-2fa-security-exploit/

and also

https://bitcoinist.com/authy-vulnerability-exposed-users-affected/

I also do not trust Google 2FA Roll Eyes

- https://shahmeeramir.com/4-methods-to-bypass-two-factor-authentication-2b0075d9eb5f?gi=42d81178d781

https://techcrunch.com/2018/05/10/hacker-kevin-mitnick-shows-how-to-bypass-2fa/

I agree it is better to have a second layer of protection, but it is not to say that these technologies are bulletproof. Wink

TryNinja

legendary

Activity: 2758

Merit: 6830

Anything is better than Google 2FA (Google Authenticator).

I personally prefer andOTP (unfortunately Android-only) or Authenticator Plus. Both are open source, work well and have backup options (to anywhere you want).

mk4

legendary

Activity: 2870

Merit: 3873

Paldo.io 🤖

Quote from: DdmrDdmr on July 17, 2019, 04:11:41 AM

What do you find specifically wrong with Authy to discourage its use?

I should've worded that more clearly. It's not that I discourage the usage of Authy, it's just that I far recommend the usage of Google's 2FA app; and that's because with Authy, your backup is stored in the cloud. Yes, I think it's secure as it's surely encrypted, but I still find it inferior security wise to Google's 2FA due to this reason.

tldr; Google 2FA > Authy > No 2FA at all, and backup your Google 2FA codes on paper

Quote from: nakamura12 on July 17, 2019, 04:52:30 AM

Yes it's true that Google 2FA doesn't have a backup feature that will let you transfer from your phone to another phone if that case you mention might happen.

You can import the 2FA to another phone if you've written down the backup code.

nakamura12

hero member

Activity: 2268

Merit: 669

Bitcoin Casino Est. 2013

Quote from: DdmrDdmr on July 17, 2019, 04:11:41 AM

Quote from: mk4 on July 17, 2019, 04:02:26 AM

<…> Also, use Google 2FA and not Authy.

What do you find specifically wrong with Authy to discourage its use?

I personally went from Google 2FA to Authy in order to be able to clone my 2FA setting on multiple devices in case my phone was either stolen or ended up broken. Of course you should also keep the backup code provided by each site, but I find Authy’s backup feature interesting.

Arguably, one could also vouch precisely against this feature, since the backup feature itself, even if encrypted as it is, could potentially be exploited at some point.

Yes it's true that Google 2FA doesn't have a backup feature that will let you transfer from your phone to another phone if that case you mention might happen. I also don't see any much problem with google 2FA if a person is not lazy to do the things you need to de when keeping a backup of the 2fa code in case your phone is broken or stolen. Since the time I know about authy i've been using it until now that I also went from google 2fa to authy but I still use google 2fa or in short I use both authy and google 2fa and having a android emulator in the computer for the google 2fa backup.

DdmrDdmr

legendary

Activity: 2338

Merit: 10802

There are lies, damned lies and statistics. MTwain

Quote from: mk4 on July 17, 2019, 04:02:26 AM

<…> Also, use Google 2FA and not Authy.

What do you find specifically wrong with Authy to discourage its use?

I personally went from Google 2FA to Authy in order to be able to clone my 2FA setting on multiple devices in case my phone was either stolen or ended up broken. Of course you should also keep the backup code provided by each site, but I find Authy’s backup feature interesting.

Arguably, one could also vouch precisely against this feature, since the backup feature itself, even if encrypted as it is, could potentially be exploited at some point.

mk4

legendary

Activity: 2870

Merit: 3873

Paldo.io 🤖

Not only on your exchange accounts, but all the websites you use in general that as either money, or sensitive personal information. Having 2FA is seriously a very small price to pay(just a slight hassle), in exchange for significantly increased security.

Also, use Google 2FA and not Authy.

BitMaxz

legendary

Activity: 3374

Merit: 3095

Playbet.io - Crypto Casino and Sportsbook

That is why it's advisable to use the two-factor authenticator to keep your any exchanges account safe and always use a unique password for every exchange because there is a possibility that one of the exchange is compromised. So don't keep using one password for all exchanges or any website.

Check this thread below to keep your account safe.

- [Guide] Stay safe when dealing with Exchanges.

Also, beware on Phishing this might be the reason why someone knows about your credentials.

Check this guide.

- [GUIDE] Use this for identifying Scam/Phishing Websites & Exchanges in Crypto

Raymondavid47

jr. member

Activity: 546

Merit: 3

Recently I have been receiving emails that someone is login in into some of my exchange accounts that I didn't activate my 2fa settings. Although I don't have money In them, but now I see how unsecured they are without the 2fa settings being activated. So my advice to you is to activate your 2fa settings in any exchange you are trading on to avoid unwanted entries or hacking. Be safe

Topic: Always Use 2Fa For Your Exchange Accounts (Read 483 times)