Introduction

Security is a top priority for Binance. We do everything we can to keep your account safe, but you can also significantly improve the security of your Binance account.

In this article, we'll describe some simple steps you can take to protect your account, as well as some good habits you should keep in mind. It's in your best interest, as well as ours, to keep your account safe. The blockchain industry is growing rapidly, so creating a more secure environment will benefit us all.

So, what steps can you take to improve the security of your Binance account?


1. Use a strong password and change it regularly

This may seem pretty obvious, but it's an important step to secure your Binance account. You must use strong and unique passwords for each of your online accounts. This is especially true for those who hold cryptocurrencies in their cryptocurrency exchange account. Ideally, these passwords should be longer than eight characters, contain upper and lower case letters, numbers and special characters.

One of the best ways to create, manage and store secure passwords is to use a password manager. That way, you can safely and conveniently store and manage different passwords in one place. Most password managers use sophisticated encryption mechanisms to provide an extra layer of protection. Be sure to use only a reliable password manager and, of course, create a strong master password.

A strong password is a great first step, but that doesn't mean it's set forever. It is also recommended that you change your passwords regularly, as attackers may have ways to obtain your passwords anyway. This is not only true for your Binance account, but also for your email linked to your Binance account.

While we're on the subject of your email, here's another thing to keep in mind - it's a good idea to use different email addresses for different accounts. In this way, you can mitigate some of the potentially damaging effects of a data breach. Especially if you're using an old email account, there's a good chance it was part of a hack in the past. However, if you use dedicated email addresses for each service, it's less likely that a hack will affect multiple accounts. The website Have I Been Pwned is a great resource to check if one of your accounts has been hacked.

Please note that after changing your Binance account password, you will not be able to withdraw funds for the next 24 hours. This is done so that an attacker who gains access to your account cannot immediately withdraw your funds.


2. Use YubiKey for two-factor authentication (2FA)

Activating two-factor authentication (2FA) should be among the first things you do after creating a Binance account. Binance supports two types of 2FA: SMS and Google Authenticator. Of the two, we recommend Google Authenticator. Just remember to write down the reset key in case you need to transfer the 2FA codes to a new mobile phone.

While SMS authentication is easier to use, it is less secure than Google Authenticator. SIM swapping is a real threat, and some famous accounts have fallen victim to this technique. In 2019, the CEO of Twitter, Jack Dorsey, was hacked using this method, leaving attackers with complete freedom of action over his Twitter account with millions of followers.

These are not the only ways to protect your account with two-factor authentication. We'll discuss another method shortly, called Universal Two-Factor Authentication (U2F). It includes a secure hardware device that protects your account. And good news: Binance supports it too!


3. Check the list of devices that are allowed to access your account

You can check the devices that are allowed to access your Binance account in the Device Management tab. If you use the Binance app, this tab can be found under the Account tab.

If you see any devices you don't recognize or no longer use, delete them. Once you remove the device, it will not be able to access your account again until you re-authorize it via email. As we discussed earlier, this is why the security of your email account is also of utmost importance.

You can also check account activity, i.e. from which IP address your account was accessed and when. If you see anything suspicious, disable your account immediately. This will suspend trading and withdrawals, delete all your API keys and remove all devices that can access your account.


4. Manage your withdrawal addresses

Your Binance account has a security feature called Address Management. It allows you to limit the number of wallet addresses to which you can withdraw funds. If you enable this feature, each new address added will require email confirmation to be added to the whitelist.

Again, this is why it's so important to keep your email account secure! This is the foundation of your online security.

Can't decide which crypto wallet to withdraw to? You can try Trust Wallet. This is a great choice if you are looking for a secure software wallet for your account. You can also purchase a hardware wallet to keep your private keys offline.




5. Learn about phishing

Phishing is a type of attack in which an attacker tries to impersonate someone else (such as a company) in order to obtain your personal information. This is one of the most common attacks and you should watch out for it.

As a rule, it is better to open Binance only from a saved bookmark rather than typing the address every time. If you haven't already, bookmark the link now: https://www.binance.com. With this simple step, you can already avoid most of the fake Binance websites that try to trick you into revealing your account information.
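The check that a bookmark does for you, written out as an added example (not Binance's own code): given a link from an email or chat message, decide whether its host really is binance.com. The function name `checkLink` and the sample links in its comments are constructed for illustration.

```javascript
// Added example: does this link really point at the site named in the article?
// TRUSTED_HOST is taken from the bookmark URL above; everything else is illustrative.
const TRUSTED_HOST = "binance.com";

function checkLink(link) {
  let url;
  try {
    url = new URL(link); // the same parser browsers use to decide where a link goes
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // Text before '@' is userinfo, not the host:
  // https://www.binance.com@login.example/ goes to login.example.
  if (url.username || url.password) {
    return { ok: false, reason: "contains userinfo before the host" };
  }
  // The parser lower-cases the host and converts non-ASCII names to punycode (xn--),
  // which exposes look-alike letters from other alphabets.
  const host = url.hostname.replace(/\.$/, "");
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "internationalised (punycode) host" };
  }
  // Accept the exact domain or a true subdomain. A suffix match without the
  // leading dot would also accept hosts such as notbinance.com.
  if (host === TRUSTED_HOST || host.endsWith("." + TRUSTED_HOST)) {
    return { ok: true, reason: "host is " + host };
  }
  return { ok: false, reason: "host is " + host + ", not " + TRUSTED_HOST };
}
```

The comparison is made on the parsed hostname, never on the raw string, because a link can contain the text "binance.com" in its path, userinfo or left-most labels without going there.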

The Anti-Phishing Code feature allows you to set a unique code that will be included in all emails you receive from Binance. By enabling the anti-phishing code, you will be able to determine whether the email messages you receive from Binance are genuine. If you want to learn more about how to use it, check out our Anti-Phishing Code Guide.

Want to learn about other ways to avoid phishing? Read the article What is Phishing?


6. Follow API security guidelines

The Binance API is a great way for more advanced traders to maximize their experience with the Binance trading engine. The Binance API allows you to create your own trading strategies.

However, using API keys comes with some risks, as you allow external applications to access your data. When you use the Binance API, you should consider restricting access based on IP address. That way, only whitelisted IP addresses will be allowed. You should also change your API keys regularly and avoid giving them to third parties.


7. Use universal two-factor authentication (U2F)

Binance supports U2F-compliant authenticators such as Yubico's YubiKey. These devices will only give you access to your account if they are plugged into your computer or connected wirelessly.

You can think of this device as something similar to your Google Authenticator, but instead of software, you're using hardware. This means that physical access to that hardware is also required to access your account.


Final thoughts

Keeping your Binance account secure is an important consideration. We've covered some simple steps you can take to secure your account and prevent hackers from gaining access to your precious Bitcoin and altcoins.

If you want to check your current security level, go to the Security panel. If you're using the Binance app, go to the Security section under the Account tab.

If you want to be even more informed, be sure to check out our articles on other security related topics on Binance Academy!