Content
Introduction
Use a strong password and change it regularly
Activate Two-Factor Authentication (2FA)
Check the list of devices authorized to access your account
Manage your withdrawal addresses
Learn about phishing
Follow API security guidelines
Use Universal 2nd Factor (U2F) authentication
Conclusion
Introduction
At Binance, security is a top priority. While we do everything we can to keep your account safe, you also have the power to greatly increase the security of your account.
In this article, we outline a series of steps you can take to protect your account, along with general good habits that you should always keep in mind. We, like you, are interested in keeping your account safe. The blockchain industry is growing very fast, so creating a more secure environment will benefit us all.
So, what are the steps you can take to increase the security of your Binance account?
1. Use a strong password and change it regularly
It may seem obvious, but it is an essential step to protect your Binance account. You should use strong, unique passwords for each of your Internet accounts. This is especially important in the case of those that store items of value – such as your account on a cryptocurrency exchange. Ideally, these passwords should be more than eight characters long, contain both upper and lower case letters, numbers and what are called special characters.
One of the best ways to generate, manage and store secure passwords is with so-called password managers. This way, you can save and manage your different passwords in a comfortable and secure way, having them all in one place. Most password managers employ sophisticated encryption mechanisms to provide an extra layer of protection. Make sure you only use trusted password management software, and of course, create a strong master password.
Having a strong password is a great first step, but that doesn't mean there's nothing else you can do. It's also good practice to change your passwords regularly, as hackers may have ways to obtain them. This not only applies to your Binance account, but also to your email associated with it.
And continuing with the question of your email, there is another point to consider – for different accounts it is beneficial to use different email addresses. This way, you can mitigate some of the damaging effects of data breaches. And, especially when you use an old email account, there is a high possibility that it was part of a data breach in the past. However, if you use a specific email for each service, the possibility of multiple accounts of yours being affected by a breach is lower. The Have I Been Pwned website is a great source to check if any of your accounts have ever been the victim of a data breach.
Please note that by changing your Binance account password, you will not be able to withdraw funds for the next 24 hours. This is a measure that seeks to prevent potential attackers from preventing you from accessing your account while they withdraw your funds.
2. Activate Two-Factor Authentication (2FA)
Enabling Two-Factor Authentication (2FA) should be one of the first things you do after creating your Binance account. Binance supports two types of 2FA: SMS and Google Authentication. Of the two, we preferably recommend the Google Authenticator. You just have to make sure to write down your reset key, in case you need to transfer your 2FA codes to a new mobile phone.
Although SMS authentication may be easier to use, it is considered less secure than Google Authenticator. SIM swapping is a real threat, and some prominent profile accounts have been victims of this technique. In 2019, Twitter CEO Jack Dorsey was hacked using this method, giving attackers free rein on his Twitter account – followed by millions of people.
These aren't the only ways to protect your account with 2FA. Next, we will briefly discuss another method called Universal 2nd Factor (U2F) authentication. Requires a hardware device that protects your account. And the good news is... Binance supports it too!
3. Check the list of devices authorized to access your account
You can check the devices that are authorized to access your Binance account in the Device Management tab. When using the Binance app, you can find this tab under the “Account” tab.
If you see a device you don't recognize or no longer use, remove it. Once you delete a device, it won't be able to access your account again unless you re-allow it via a confirmation email. As we have discussed above, this is why the security of your email account is also of utmost importance.
You can also check account activity, that is, from which IP address your account was accessed and when. If you see anything suspicious, immediately disable your account. This will suspend trading and withdrawals, delete all your API keys, and remove all devices that can access your account.
4. Manage your withdrawal addresses
Your Binance account has a security feature called Address Management. It allows you to limit the wallet addresses to which you can withdraw funds. If you enable this option, each newly added address will require a confirmation email to be added to the whitelist.
To reiterate, this is why it is so important to keep your email account secure! It is the foundation of your online security.
Can't decide which crypto wallet to withdraw your funds to? You can try Trust Wallet, it is a great option if you are looking for a secure software wallet for your mobile phone. You could also invest in a hardware wallet to keep your private keys offline.
Are you looking to get started with cryptocurrencies? Buy Bitcoin on Binance!
5. Learn about phishing
Phishing is a type of attack in which a malicious actor tries to impersonate another person (for example, a company) to obtain your personal information. It is one of the most common attacks, and you should be careful with it.
As a general rule, it is best to visit Binance only from a saved bookmark rather than typing the address each time. If you haven't already, feel free to bookmark the link right now: https://www.binance.com. With this simple step, you can now avoid a good portion of fake Binance websites that aim to trick you into accessing your account information.
The Anti-Phishing Code feature allows you to set up a unique code to be included in all your Binance notification emails. By enabling the Anti-Phishing code, you will be able to know if the notification emails you receive from Binance are genuine. If you want to learn more about how to use it, see our Anti-Phishing Codes Guide.
Do you want to learn about other ways to avoid phishing? Take a look at What is phishing?.
6. Follow API security guidelines
The Binance API is a great way for more advanced traders to maximize their experience with the Binance trading engine. The Binance API allows you to create custom trading strategies.
However, using API keys carries some risks because it allows your data to be shared with external applications. When using the Binance API, you should consider restricting access based on IP address. This way, only whitelisted IP addresses will be enabled. You should also consider changing your API keys regularly and avoid giving your keys to third parties.
7. Use Universal 2nd Factor (U2F) authentication
Binance supports U2F-compatible authenticators such as Yubico YubiKey. These devices will grant you access to your account only if they are connected to your computer or paired wirelessly.
You could think of this device as similar to your Google Authenticator, but instead of a piece of software, it's a piece of hardware. This means that accessing your account also requires physical access to this hardware.
Conclusion
Keeping your Binance account secure is an important consideration. We review some of the simple steps you can take to protect your account and prevent hackers from accessing your precious bitcoins and altcoins.
If you want to check your current security level, go to your security dashboard. If you are using the Binance app, go to the “Security” section of the “Account” tab.
If you want to be even more informed, be sure to check out our articles on other security-related topics on Binance Academy!