As much as we suggest against leaving your funds on cryptocurrency exchanges, sometimes withdrawing your funds to your own wallet is really not an option especially if you’re an active trader. There’s literally nothing we could do to prevent hackers from attempting to hack exchanges as it’s the exchange’s developer’s responsibility to protect their funds in the first place. The best we could do is to make sure our exchange accounts are as secure as possible to prevent our funds from getting stolen. Here are 7 ways on how to secure your cryptocurrency exchange accounts.
1. Use a Secure Password
Exchange accounts are a very hot target for hackers as they could steal your funds and successfully get away with it without any trace to their identity. If you’re still using short passwords without numbers and symbols([email protected]#$%^&*) in 2018, then your accounts are at risk, especially your accounts on cryptocurrency exchanges. Why? Hackers use certain software to “brute force” their way into your account. Basically, they test out every single possible character combination to hopefully guess your account’s password at some point.
How do you combat this? Use a long and complex password. Here are some examples(definitely don’t use these exact passwords though):
NTnf$44Di7dxPQT6pmxLcF6&RxtGWvh&N3bTwSGR [email protected]##AJWGMP3KVAK38K9CtVgMZ^zLk2n
You might think, “How am I going to memorize that!?”. Well, you don’t necessarily need to. You can use password managers for you to store all your long and complex passwords of all of your accounts. That way, you’d only need to remember one complex password, the password needed to access your password manager itself.
NOTE: Make sure that your master password is also difficult enough to crack. Using a password manager is worse if you’re using an insecure master password
Using passwords as complex as these, while changing your passwords at least once or twice a month would make it extremely hard for the hackers to crack your password using the brute forcing method.
Some reputable password managers include:
2. Don’t Use the Same Passwords on Multiple Accounts
This doesn’t apply only to exchange accounts, but to all your accounts in general. If a hacker got access to any one of your accounts, regardless if it’s an exchange or a social media account or anything, and the hacker knew that you were into cryptocurrencies, then chances are that the going to try to log in on multiple exchange websites using your credentials.
Again, to make this process a lot easier, use a password manager as stated on the previous point.
3. Don’t Use SMS Verification
Using SMS verification for your exchange logins has been proven to be very insecure due to a lot of incidents that have been reported on various news sites online. Why? Without getting into the technical mumbo jumbo, hackers can perform various kinds of exploits that could give them access to either your current SMS messages, incoming SMS messages, or your mobile number itself. Scary stuff indeed.
What should you use instead then? This brings us to our next point:
4. ..Use Google Authenticator instead
Google Authenticator is still one of the most secure ways of doing 2-factor authentication. It’s going to be significantly difficult for hackers to gain access to your authentication code as their possible ways of stealing it is narrowed down to lesser exploits. Even though they somewhat steal your verification code, chances are, when it’s time for them to try to use your code, the code already has expired and changed to a new one as the verification code changes every 30 seconds or so. The only easy way for them to gain access to your authentication code is to straight off steal your mobile device.
Google Authenticator is freely downloadable on both the Android PlayStore and the Apple App Store.
NOTE: You can use Authy instead of Google Authenticator if you want, but take note that Authy is less secure compared to Google Authenticator; though Authy is indeed a lot more convenient for most people.
5. Make Sure Your Device is Malware & Virus FREE
Though this should be a no-brainer, this is frequently overlooked. Always make sure you’re using a malware-free device as certain malware can give hackers access to your keystrokes and your clipboard history(your copy/paste history). Especially when using a device that runs a Windows operating system, make sure to frequently run your preferred antivirus software at least once or twice a week, just to make sure that your device is clean. If you’re quite paranoid about stuff that could possibly steal your passwords and your files, use an alternative operating system. Chances are, if you’re using a Linux operating system or an Apple device running OSX, your device is going to be significantly less likely to be infected by malware and viruses as these attacks are mostly targeted towards Windows devices.
Another way to make sure your device is secure is to make sure to always keep your operating system up to date, regardless if your using Windows or an alternative. Windows and other operating systems frequently push security updates for people’s devices to be as secure as possible.
6. Using the Exchange API? Secure your API keys!
When you create an API key on your exchange account, you can use those API keys to have access to certain functions of your exchange account, like access to your order history, your exchange wallet’s funds, and even the authority to withdraw funds from your account; just by using the API key. Basically, if a certain API key of yours allows the option to withdraw funds using the API key and your API key gets stolen, then the hacker can simply steal your funds. Also, if you’re only using the API just to track your funds, then always make sure to uncheck the withdraw and trade functions(as shown in the screenshot above), just to be sure.
7. Make Sure You’re Going to the Correct Site URL
One of the most successful ways of hackers gain access to people’s exchange accounts is through the usage of phishing sites.
Phishing sites are scams sites that are masquerading as certain legitimate websites like social media sites, online banking sites, crypto exchange sites, wallet sites, etc. Most of these phishing sites even look exactly like the website they’re pretending to be.
To fix this issue, always be skeptical on certain links sent by certain emails, links from advertisements, etc. It’s always safer to manually and accurately type the website’s URL on your browser’s address bar.