Topic: [guide] Make sure your exchange account is safe (Read 143 times)

December 03, 2017, 09:33:12 AM
There are a lot of newcomers joining the crypto space in recent months and not all of them are aware of the potential risks. So, I decided to write a detailed guide on how to protect your exchange account.

These are some very basic tips, but necessary ones, to ensure that your funds are safe. Have a read ;)

You can alternatively read this on my Steemit or Medium profile:

Quote
It’s a well-known fact that keeping your funds on a cryptocurrency exchange isn’t the safest option but it provides liquidity of funds and that’s exactly what you need whilst trading.

In this article, I will describe how you can protect yourself using various available methods. Keep in mind though that not all of those mechanisms are available on every exchange. Without further ado let’s get started:


First things first: you always have to log in in order to change settings for your account. Make sure you do it correctly though. Log in to websites that start with https://. HTTPS is an encrypted version of the HTTP protocol which prevents capturing and changing data that you’re sending to the server. I recommend using an extension for your browser like “HTTPS Everywhere”.

Also, be aware of phishing sites that may steal your login data; you should check if the website address is correct.

Another thing to avoid is accessing your exchange accounts from public WiFi spots without strong encryption like the WPA2 protocol.

For extra safety, you can also consider creating an email address dedicated to a certain site and never sharing it with anyone. Although if you're gonna use your regular email address, you should enable 2FA when logging in (especially for Google accounts).


The most common way to add extra security to your account is enabling Two Factor Authentication (2FA), where you simply receive a disposable code for a certain purpose. Depending on the exchange you’re using, the options may vary from email or SMS to another app generating unique codes that are used during certain activities. It’s up to you which one you choose, but I recommend using the Google Authenticator mobile app, which generates a disposable code every 30 seconds.

If you decide to enable Google Authenticator code on your exchange account, you will receive a unique QR code (or a line with random digits and letters to enter manually) that you need to scan with your smartphone app or a browser extension like “Authenticator” for Chrome.

Important note: make sure you make a backup screenshot of said code (preferably on a pendrive or encrypted on your computer) because if your app breaks and loses all its data you will still be able to recover it on your own without contacting support!

The most common 2FA use cases: logging in, withdrawals, changing the password.

You may also want to set up security questions. The possibilities there are endless and it’s all up to your creativity. My advice, though, would be to create questions to which only you know the answers.


If you wanna be extra cautious, you can enable notifications about details such as successful/unsuccessful account login attempts, logins from different IP addresses or withdrawal details.

But if you don’t want your mailbox to be flooded with emails every time you log in or make a transaction then don’t select every checkbox possible.


Some exchanges offer the option of enabling a PIN password that you can create on your own.
It simply consists of a few digits; the length of this number may vary depending on exchange security standards (it’s usually 4-6 digits).

If you have a static IP address then whitelisting it will be your best bet, so no one from the outside can ever log in to your account. You will most likely also be able to specify your IP range. Keep in mind you won’t be able to log in from your smartphone then.

Withdrawal settings are very important when available. You can, for example, send your funds only via a chosen IP, or instantly lock your withdrawals when a new IP address is used and receive a notification about the potentially suspicious activity.

Some exchanges also have an option to enable a special confirmation image where you have to enter the confirmation number that appears there.

Whitelisting your withdrawal addresses is one step forward towards your security. You can whitelist your private wallet address. Even if you somehow mistype one letter when sending cryptocurrencies, you won’t be able to send your funds anyway, so ultimately you won’t lose any money. There should also be an option to turn off withdrawals for certain coins.

It’s highly advised that during a single login session you are automatically logged out if you don’t perform any actions for a certain period of time. If you have that option available, make sure to turn it on.

On most exchanges you will have access to all of your activity, which includes login attempts/withdrawals history on your account – you can review this section occasionally to make sure nothing suspicious has ever happened.

Summary:

The level of security you choose depends on your own comfort with the money you keep on exchange wallets. Just think: do you really want to go through a few different authentication processes while logging into your account with $5 worth of investments, when you’d do it at least twice a day? That would be too much of a hassle for you. On the other hand, it would be foolish to log in using only a password on an account worth $10 000, wouldn’t it?

Which cryptocurrency exchange should I choose?

The one that has the most security options and stores your money in cold wallets (offline wallets). A good reputation is also a thing to look for. Although those exchanges often have higher fees to provide for themselves, so it’s up to you if you want to pay a higher price for extra safety or play a calculated risk game.

You should also keep as much money on trading sites as you can afford to lose; a good idea will be to spread your funds across at least two different exchanges. If you have some significant amount of cryptos that are valuable to you (and don’t wanna lose them), then send them to your private software/hardware wallet (with access to your private key) in order to make sure you’re safe. Even then you have to be aware of all kinds of traps where your money can be stolen or lost depending on the type of wallet you have chosen, but that’s a whole different topic to talk about.

I hope you’ve found these tips helpful, happy trading!
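
The authenticator backup advice above, worked through as an added example that is not part of the original post: the QR code or manual-entry line carries a shared secret, and any device holding it derives the same 30-second codes, which is why a backup restores access and why that backup must be kept private. It assumes the exchange uses standard TOTP (RFC 6238, HMAC-SHA1, 6 digits); the secret is the public RFC test key, used here as a constructed sample.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: the RFC 6238 test key ("12345678901234567890") in base32,
# standing in for the manual-entry string shown next to the QR code.
BACKED_UP_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Return the RFC 6238 (HMAC-SHA1) code for the given moment."""
    # Accept the secret the way people retype it from a backup: spaces, lowercase.
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)          # restore base32 padding
    key = base64.b32decode(cleaned)
    counter = unix_time // step                   # whole steps since the Unix epoch
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, submitted: str, unix_time: int,
           step: int = 30, window: int = 1) -> bool:
    """Server-side check: accept the current step and `window` steps either side."""
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, unix_time + drift * step, step)
        if hmac.compare_digest(expected, submitted):  # constant-time comparison
            return True
    return False


if __name__ == "__main__":
    now = 59  # fixed timestamp taken from the RFC 6238 test vectors
    old_phone = totp(BACKED_UP_SECRET, now)
    # Replacement device: secret retyped from the backup, grouped and lowercase.
    new_phone = totp("gezd gnbv gy3t qojq gezd gnbv gy3t qojq", now)
    print(old_phone, new_phone, old_phone == new_phone)
    print("accepted one step late:", verify(BACKED_UP_SECRET, old_phone, now + 30))
    print("accepted four steps late:", verify(BACKED_UP_SECRET, old_phone, now + 120))
```

Anyone who obtains the backed-up secret can generate valid codes too, so the backup needs the same protection as the password itself.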