Contents
Introduction
Use a strong password and change it regularly
Enable two-factor authentication (2FA)
Check the list of devices authorized to access your account
Manage your withdrawal addresses
Learn more about fishing
Follow API Security Guidelines
Use Universal 2nd Factor (U2F) authentication
To conclude
Introduction
Security is a top priority on Binance. While we do everything possible to keep your account secure, you also have the power to significantly increase the security of your Binance account.
In this article, we outline some simple steps you can take to secure your account, as well as general good habits you should keep in mind. Just like you, we want to secure your account. The blockchain industry is growing. Creating a more secure environment will therefore benefit everyone.
So what steps can you take to increase the security of your Binance account?
1. Use a strong password and change it regularly
This may seem obvious, but it is an essential step in securing your Binance account. You should use strong, unique passwords for each of your accounts on the Internet. This is especially true for those that have value, like your cryptocurrency exchange account. Ideally, these passwords should be longer than eight characters and contain upper and lower case letters, numbers and special characters.
One of the best ways to generate, manage and store secure passwords is to use a password manager. So you can store and manage your different passwords securely and conveniently, all in one place. Most password managers use sophisticated encryption mechanisms to provide an extra layer of protection. Be sure to only use reliable password management software and, of course, create a strong master password.
Having a strong password is a great first step, but it doesn't mean you're set forever. It's also good to change your passwords regularly, as attackers may have ways to obtain your passwords regardless. Not only does this apply to your Binance account, but also to your email address associated with your Binance account.
When it comes to email, here's another point to consider: it's beneficial to use different email addresses for different accounts. This way, you can mitigate some of the potentially harmful effects of data breaches. Particularly if you're using an old email account, there's a good chance it's been breached in the past. However, if you use dedicated email addresses for each service, there's less chance of a breach affecting multiple of your accounts. The Have I Been Pwned website is a great resource for checking if one of your accounts has been the victim of a data breach.
Please note that once you change your Binance account password, you will not be able to withdraw within 24 hours. This helps prevent potential attackers from blocking your access to your account to withdraw your funds.
2. Enable two-factor authentication (2FA)
Enabling two-factor authentication (2FA) should be one of the first things you do after creating a Binance account. Binance supports two types of two-factor authentication: SMS and Google authentication. We recommend Google Authenticator. Just be sure to write down your reset key in case you need to transfer your A2F codes to a new cell phone.
Although SMS authentication is easier to use, it is considered less secure than Google Authenticator. SIM swapping is a real threat, and some well-known accounts have been victims of this technique. In 2019, Twitter CEO Jack Dorsey was hacked using this method, leaving hackers free to use his Twitter account with his millions of followers.
These are not the only ways to secure your account with 2FA. We will soon discuss another method called U2F (Universal 2nd Factor) authentication. This is a secure hardware device that protects your account. And good news, Binance supports it too!
3. Check the list of devices authorized to access your account
You can check which devices are allowed to access your Binance account in the Device Management tab. When using the Binance app, you can find this tab under the “Account” tab.
If you see devices that you no longer recognize or use, delete them. Once you delete a device, it will no longer be able to access your account unless you authorize it again through a confirmation email. As we have already discussed, this is why the security of your email account is also essential.
You can also check your account activity, i.e. find out from which IP address your account was used and when. If you see anything suspicious, deactivate your account immediately. This will have the effect of suspending transactions and withdrawals, deleting all your API keys, and removing all devices that can access your account.
4. Manage your withdrawal addresses
Your Binance account has a security feature called Address Management. This allows you to limit the wallet addresses to which you can make withdrawals. If you enable this option, each new address added to the whitelist will require email confirmation.
Once again, this is why securing your email account is so important! It is the foundation of your online security.
Can't decide which crypto wallet to withdraw your funds to? You can try Trust Wallet, it is a great choice if you are looking for a secure software wallet for your cell phone. You can also invest in a hardware wallet to keep your private keys offline.
Do you want to get started with cryptocurrencies? Buy Bitcoin on Binance!
5. Learn more about fishing
Fishing is a type of attack where a malicious actor attempts to impersonate someone else (for example, a company) to obtain your personal information. This is one of the most common attacks, and you should be wary of it.
Generally, it is better to access Binance only from a saved favorite instead of entering the address each time. If you haven't done so yet, be sure to bookmark the link now: https://www.binance.com. With this simple step, you can already avoid a good portion of fake Binance websites that aim to trick you into accessing your account information.
The Anti-Fishing Code feature allows you to set a unique code that will be included in all your Binance notification emails. By enabling the anti-fishing code, you will be able to know if the notification emails you receive from Binance are genuine. If you want to learn more about how to use it, check out our Anti-Fishing Codes Guide.
Want to know other ways to avoid fishing? See What is fishing?
6. Follow API Security Guidelines
The Binance API is a great way for more advanced traders to maximize their experience with the Binance trading engine. The Binance API allows you to create custom trading strategies.
However, using API keys poses some risks because you are allowing your data to be shared with external applications. When using the Binance API, you should consider restricting access based on IP address. This way, only whitelisted IP addresses will be allowed. You should also consider changing your API keys regularly and avoid giving your keys to external parties.
7. Use U2F (Universal 2nd Factor) authentication
Binance supports U2F-enabled authentication devices, such as the Yubico YubiKey. These devices only give you access to your account if they are connected to your computer or paired wirelessly.
You might think of this device as similar to your Google Authenticator, but instead of software, it's a hardware device. This means that access to your account also requires physical access to this hardware.
To conclude
Ensuring the security of your Binance account is of paramount importance. We have covered some of the simple steps you can follow to protect your account and prevent hackers from accessing your valuable bitcoins and altcoins.
If you want to check your current security level, go to your security dashboard. If you are using the Binance app, go to the Security section of the Account tab.
If you want even more information, be sure to check out our articles on other security topics on Binance Academy!