Crypto Exchange and Security: 5 Important Recommendations
Cryptocurrency exchange users rarely think about the security of their account. As you know, when registering, you must specify a current phone number and email address. Even though there may be large amounts of money in the account, proper attention is not paid to protecting it. Experts do not recommend neglecting account security. With care and responsibility, the user will be able to avoid possible trouble.
Below are the most ‼️ important points that traders are recommended to pay attention to. The size of the deposit and the degree of activity on the exchanges do not really matter here.
Crypto Exchange: Phone Numbers & Email
Novice crypto traders are advised to choose their mail service carefully. Of course, you can argue for a long time about which mail is better from a security point of view. I recommend that every Kasatik pay attention to Tutanota and ProtonMail.
After registration, you need to visit your personal account, enable withdrawal of funds exclusively to "trusted addresses", and turn on e-mail confirmation for withdrawals.
Special attention should be paid to protecting the mobile number ☎️ that is attached to the mail account. Ideally, buy a new SIM card for mail and keep its number secret. It is better not to dictate the phone number to anyone or forward it, even to employees of the exchange. The phone numbers used for the exchange and for mail should be different.
Crypto exchange: Choosing a strong password
For reliable account protection, it is recommended to set a password consisting of at least 16 characters. But today's brute force methods allow you to hack accounts even with such long passwords.
Random number generators also do not always provide a tamper-resistant result. The fact is that in this case a pseudo-random number selection algorithm is used. This technique does not lie in the plane of an elliptic curve. Generating random numbers is not an easy task.
To facilitate the process, you can use the following method. The user is advised to take a public bitcoin address as a template. It is generated using the program vanitygen. After receiving a combination, you need to change it a little by adding a few special characters.
Another popular option is to use a password manager. LastPass is popular among users. The more characters, mixed-case letters and digits, the better. 🍺
Crypto exchange: Two-factor authentication (2FA)
Sending a password via SMS message is NOT the most successful way to protect your account. Services that provide a virtual number are available today. With their help, you can receive SMS messages, as well as make calls. Accordingly, attackers do not need to make an effort and make a copy of the SIM card. To get the information they need, they just need to use one of these services. Naturally, the number associated with the exchange account should be kept secret. Even then, the user cannot be sure about the security of the data, given the possibility of intercepting SMS messages.
Google Authenticator is a very reliable method that does not require an Internet connection during authorization. After installing 2FA on your smartphone, you just need to enter your personal key and synchronize the time according to the time zone. Upon activation, the application starts generating a new one-time password every 30 seconds. At the same time, there is no possibility of intruders substituting or intercepting the combination (though that is not exactly so). To register, you must enter the 6-digit password in a special field on the website of the trading terminal or exchange.
In theory, the likelihood of your account being hacked still exists. However, in practice, this procedure is too complicated, depends on third-party factors and does not give the attacker a positive result. It is for this reason that two-factor authentication from Google is considered very reliable.
When choosing this method, the user must without fail save the QR code that is used to generate codes in Google Authenticator. With its help it will be possible to restore access to the account if the phone is lost and in case of other unforeseen circumstances. Otherwise, neither support nor Santa Claus will restore access to the application.
It is a service similar to Google's, with a similar operating principle and an extended list of useful functions. There is a desktop version of the application, a master password, and support for cryptocurrency wallets. Despite these positive features, Authy is not that popular.
Regardless of which two-factor authentication method was chosen, it is strongly recommended that you use it both to register on the exchange and to log in to your mail. The mobile numbers used must be different.
Most providers offer a static IP. Accordingly, the user's address stays the same in almost every session. Even if the router is rebooted, it remains unchanged. It is recommended to select "static IP". Due to this, in the future, it will be possible to log in only from the address that was specified at registration. This feature also applies to access through the trading terminal using API keys.
From a technical point of view, there is a possibility of intercepting traffic, the IP and the current session. Even if attackers use cookie files, spoofing the IP address will not allow access to the account. Alternatively, you can use I2P and OpenVPN. Borodach told about the choice of a VPN service in detail in this article.
Spoofing and phishing
The most common types of fraud are:
- hidden transition to a fake site;
- substitution of the address in the browser line.
It is important to know that fake sites fully replicate the design of the real site. They copy it as closely as possible, one to one, although the quality is lacking, and the domain differs by at least 1 character; as a rule, this is a doubled letter, added characters and other pranks. For this reason, beginners often fall for this trick. To avoid spoofing, the exchange website should be added to your browser bookmarks. As far as phishing is concerned, to combat it, it is enough not to click suspicious links. While working, you should also check for the presence of an SSL certificate and a protected connection with the exchange.
Using the trading terminal solves the problem of phishing and spoofing. After all, there is NO interaction with the web interface of the exchange. In addition, data exchange is carried out over other protocols (a secure connection is used).
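One way to automate the bookmark check described above, as an added example that is not part of the original article: it compares a link's host with a list of bookmarked domains and flags hosts that differ by only a character or two, such as a doubled letter. The domain names are hypothetical placeholders.

```python
from urllib.parse import urlsplit

# Hypothetical bookmark list; replace with the sites you actually use.
BOOKMARKED = {"exchange.example", "mail.example"}

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify(url, max_distance=2):
    """Return (verdict, bookmark) where verdict is one of
    'trusted', 'insecure', 'lookalike' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host in BOOKMARKED:
        # Exact match, but the connection must still be protected.
        return ("trusted" if parts.scheme == "https" else "insecure", host)
    for good in sorted(BOOKMARKED):
        if edit_distance(host, good) <= max_distance:
            return ("lookalike", good)   # differs by only a few characters
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://exchange.example/login",
                 "https://exchannge.example/login",
                 "http://exchange.example/",
                 "https://news.example/"):
        print(link, "->", classify(link))
```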
Crypto exchange: Conclusion
By following all the precautions listed, a trader will get rid of many problems that users face in one way or another on cryptocurrency exchanges, but Borodach has listed only the most minimal recommendations that every Kasatik can use, without SMS and registration. We will consider more interesting methods at the next meeting behind the bar counter.
What methods do you use for online security? Share in the comments🍺