As much as we suggest against leaving your funds on cryptocurrency exchanges, sometimes withdrawing your funds to your own wallet is really not an option especially if you’re an active trader. There’s nothing we could do to prevent hackers from attempting to hack exchanges as it’s the exchange’s developer’s responsibility to protect their funds in the first place. The best we could do is to make sure our exchange accounts are as secure as possible to prevent our funds from getting stolen.
Here are 7 ways on how to secure your cryptocurrency exchange accounts.
1. Use a Secure Password
Exchange accounts are a very hot target for hackers as they could steal your funds and successfully get away with it without any trace of their identity. If you’re still using short passwords without numbers and symbols(!@#$%^&*) in 2018, then your accounts are at risk, especially your accounts on cryptocurrency exchanges. Why? Hackers use certain software to “brute force” their way into your account. Basically, they test out every single possible character combination to hopefully guess your account’s password at some point.
How do you combat this? Use a long and complex password. Some examples:
NTnf$44Di7dxPQT6pmxLcF6&RxtGWvh&N3bTwSGR zqng9fm@jPp##AJWGMP3KVAK38K9CtVgMZ^zLk2n 3KVAK38K9CtVgMZ^zLk2ncF6&RxtGWvh&N3bTw23
You might think, “How am I going to memorize that!?”. Well, you don’t necessarily need to. You can use password managers for storing all the long and complex passwords of all of your accounts. That way, you’d only need to remember one complex password — the password needed to access your password manager itself.
NOTE: Make sure that your master password is also difficult enough to crack. Using a password manager is worse if you’re using an insecure master password
Using passwords as complex as these, while changing your passwords at least a few times a year would make it extremely hard for hackers to crack your password through a brute-force attack.
Some reputable password managers include:
2. Don’t Use the Same Passwords on Multiple Accounts
This doesn’t apply only to exchange accounts, but to all your accounts in general. If a hacker gets access to any one of your accounts, regardless if it’s an exchange or a social media account or anything, then chances are that they’re going to attempt to log in on multiple exchanges using your account’s login credentials.
Again, to make this process a lot easier, use a password manager as stated in the previous point.
3. Don’t use SMS authentication
Using SMS verification for your exchange logins has been proven to be very insecure due to a lot of incidents that have been reported on various news sites online. Without getting into the technical mumbo jumbo, hackers can perform various kinds of exploits that could give them access to either your current SMS messages, incoming SMS messages, or your mobile number itself.
NOTE: Using SMS authentication is still far better than having no second-layer authentication
What should you use instead then? This brings us to our next point:
4. Use open-source Authenticator apps instead
Using authenticator apps is still one of the most secure ways of doing 2-factor authentication. It’s going to be significantly difficult for hackers to gain access to your authentication code as their possible ways of stealing it are narrowed down to lesser exploits. Even though they somewhat steal your verification code, chances are, when it’s time for them to try to use your code, the code already has expired and changed to a new one as the verification code changes every 30 seconds or so. The only easy way for them to gain access to your authentication code is to straight off steal your mobile device.
Good authenticator apps include:
5. Make Sure Your Device is Malware & Virus FREE
Always make sure you’re using a malware-free device as certain malware can give hackers access to your keystrokes and your clipboard history(your copy/paste history). Especially when using a device that runs a Windows operating system, make sure to frequently run your preferred antivirus software at least once or twice a week, just to make sure that your device is clean.
If you’re quite paranoid about stuff that could steal your passwords and your files, use an alternative operating system. Chances are, if you’re using a Linux operating system or an Apple device running OSX, your device is going to be significantly less likely to be infected by malware and viruses as these attacks are mostly targeted toward Windows devices.
Another way to make sure your device is secure is to make sure to always keep your operating system up to date, regardless if you’re using Windows or an alternative. Windows and other operating systems frequently push security updates for people’s devices to be as secure as possible.
6. Using the Exchange API? Secure your API keys!
When you create an API key on your exchange account, you can use those API keys to have access to certain functions of your exchange account, like access to your order history, your exchange wallet’s funds, and even the authority to withdraw funds from your account; just by using the API key.
Basically, if a certain API key of yours allows the option to withdraw funds using the API key and your API key gets stolen, then the hacker can simply steal your funds. Also, if you’re only using the API just to track your funds, then always make sure to uncheck the withdraw and trade functions(as shown in the screenshot above), just to be sure.
7. Make Sure You’re Going to the Correct Site URL
One of the most successful ways for hackers to gain access to people’s exchange accounts is through the usage of phishing sites.
Phishing sites are scam sites that masquerade as certain legitimate websites like social media sites, online banking sites, crypto exchange sites, wallet sites, etc. Most of these phishing sites even look exactly like the website they’re pretending to be.
To fix this issue, always be skeptical about certain links sent by certain emails, links from advertisements, etc. It’s always safer to manually and accurately type the website’s URL on your browser’s address bar.