Author

Topic: Max Security with Online Services like Coinbase Gemini Blockchain.info (Read 249 times)

legendary
Activity: 1806
Merit: 1164
Coinbase recommends you use Google Authenticator rather than Authy. That way your log in is tied to your phone, not your phone number. Having log in secured by a single physical device means you can take your phone with you on vacation and your funds should be safe. When you first set up GA for log in you are given a secret key and told to store in a safe place so if you have to replace your phone you can have seamless access to your account. With the secret key you can restore GA to a new phone. Since you are using your phone to secure your account you may as well use the email you use for your phone.
hero member
Activity: 896
Merit: 1082
I use an email account with a unique password. I do not use common passwords across my other accounts. They each have their own unique password.

I use Authy for 2FA with a prepaid phone number linked to it. The 2FA number is not the same account recovery number stored on Google Accounts.

I disabled the multi-device feature on Authy. The phone hosting my Authy is enrolled in Apple's 2FA system.

I access my email on a Chromebook. I have no extensions installed on this Chromebook.

I access my bitcoin wallet on a second Chromebook which I use exclusively for this purpose alone.

I never ever open email-delivered links and I always type website addresses I want to access.
legendary
Activity: 3808
Merit: 1723
I know that Cold storage is the way to go when it comes to securing your BTC. However there are a few reasons why some people choose to keep their BTC on an exchange, for example to withdraw to fiat or they keep it on their Blockchain.info mobile wallet app to make small purchases from time to time.

The issues I am finding with most exchanges like Coinbase, Gemini is that even if you have 2FA enabled most can be easily reset if someone has access to your email and/or phone.

So if you have a unique email password with 2FA enabled, a unique Coinbase password with 2FA, you are still vulernable if your computer gets malware.

Authy for example lets you reset your 2FA with ONLY your email+phone number. They freeze your account for maybe 24 hours and they ask by text to confirm its you. However if your computer gets hacked, someone will have access to your email, in your email they can get your name, address, SSN, which is more than enough to change their SIM swap to theirs.

Hence if you are on vacation or take the weekends away from the computer. Someone during that time can reset your Coinbase password by email, reset your Authy 2FA by email and by phone confirmation.

So to me its seems that the ONLY way to have security ( assuming Coinbase doesn't go MtGox ) is to use a

Dedicated email address only for Coinbase. In this email there should be no traces or mentioning any personal info like Full name, Address, Phone number

Dedicated phone number only for Authy 2FA. This can be a prepaid phone which can only get refill offline by calling 611 or at the Gas station. This phone number can't be anywhere on your computer or inside your email accounts.

Secure OS like Linux or Mac with all security updates. Only use when login into the exchange, don't use it for anything else. This can be done by buying another hard drive.

So I know this is kind of paranoid and some say its far-fetched but with Bitcoin hitting $4000 almost, pretty much any amount of BTC stolen would be upsetting.

I am just wondering what everybody else is doing to keep their BTC secure on an exchange?

Jump to: