Rules that will significantly increase the security of an account on any cryptocurrency exchange, in particular on the largest crypto platform Binance.
The first step is to develop habits that keep your account safe. By joining forces to prevent unauthorized activities, together we will create a safer environment for cryptocurrency transactions.
1. Always use preferably – Google Authenticator.
Enabling 2FA on your account is the first important step in protecting your funds on Binance. We currently offer two options for two-factor authentication:
- SMS,
- Google Authenticator.
We recommend using Google Authenticator. While two-factor authentication via SMS may be more convenient, the number of attack methods your account may be exposed to is on the rise (for example, SIM swapping).
Since June 2019, Binance has added support for hardware security keys such as the Yubico YubiKey. These devices provide secure access to your account over wired and wireless connections. The principle of operation of the device is similar to traditional two-factor authentication (2FA) methods, such as SMS (the weakest variant of 2FA) and Google Authenticator, but instead of entering a code, the key is physically connected to the device.
2. Check the list of devices that are allowed to access your Binance account. If you see any unknown or unused devices, then remove them in the following way:
- Sign in to your Binance account and go to «My Account» in your browser or app.
- View Devices at the bottom of the My Account page in your browser or in the Security menu in the app.
- Remove any unrecognized or unused devices. After deletion, access to your account for these devices will be closed until you provide it again via email confirmation.
3. Use a strong password for your Binance account and change it regularly.
It is highly recommended that you use a password that is at least 8 characters long and contains at least one uppercase letter, one lowercase letter, one special character, and one number. We also strongly recommend that you do not reuse passwords previously used on other websites.
But a strong password alone is not enough – cybercriminals know many ways to obtain it, and therefore it is recommended to change the password on a regular basis. This practice should apply not only to your Binance account, but also to your email (especially if it is used for accounts with financial transactions, such as Binance).
Every time you change your password on your Binance account, for security reasons, withdrawals are temporarily suspended for 24 hours. Consider this when planning a password change.
4. Allow withdrawals only to trusted addresses and check the whitelist regularly.
Binance has a «Manage Addresses» option that allows you to restrict the list of wallet addresses for withdrawing funds. Adding each new address requires email confirmation, which protects you from unauthorized access.
Just enable the «Whitelist for withdrawal» option in the «Address Management» section.
5. Complete the verification process for your Binance account. Verifying your identity will not only allow you to get an increased limit on withdrawals, but also protect you from intruders who will not be able to verify the ownership of your account. In addition, this will allow the support service to quickly resolve the problem in the situation if you made a mistake.
Identity verification is becoming an increasingly important aspect of cryptocurrency trading, especially on major exchanges like Binance. This procedure gives you full access to Binance services and increases the limits on deposits and withdrawals. However, even without verification, a withdrawal of up to 2 BTC per day is available, which is sufficient for 99% of users.
6. Consider transferring some of the funds to your wallet, also being extremely careful.
Regardless of the security of an exchange, the following statement is always true: your funds are best protected when they are at your disposal. It is desirable that the chosen cryptocurrency wallet supports most of the largest cryptocurrencies and ERC20 tokens.
However, there are a few important things to keep in mind when managing your own wallet funds outside of Binance:
First, never share your wallet seed or private key with anyone. By providing this data to others, you will also give them full control over your wallet and the funds on it.
Secondly, be sure to make sure you are using the official app / site, as fake apps / sites are often created to steal data.
7. Take the necessary steps to protect your account when using the API.
A significant portion of the Binance community uses the API, a documented programming interface that allows Binance data to be transferred to other applications.
Using APIs gives traders the ability to trade according to their own preferences, but ignoring the safety rules can lead to problems.
When using the API, you should pay attention to things like restricting access by IP address, refusing to provide API keys to third-party services, regularly changing keys, and / or using the aforementioned whitelist for withdrawals.
8. Read the official Binance posts on security settings regularly.
Binance informs users of all security-related updates. This could be an email, an FAQ post, or a blog update.
For your part, please make sure that you are subscribed to official sources of information, as there are fraudulent accounts posed by Binance. We’ll discuss social engineering and other potential security threats later in this article.
The tips below are outside the scope of your Binance account and are about general security guidelines. Take these steps as well.
9. Make sure your internet connection is secure.
Checking the security of your connection should take place on several fronts – from your Internet provider and connection method to the installed programs and services.
Avoid connecting to public Wi-Fi and other public networks, as they can be used by attackers to intercept the data you transmit.
10. Install anti-virus software and use only safe applications / programs.
Make sure that the applications and files you are using or downloading are not infected with viruses, malware, or anything else that could leak your data.
Make sure all your devices are protected with the latest version of your chosen antivirus software with regular scans. Always download apps / programs only from trusted official sources and avoid following links or using software sent to you by unknown suspicious persons.
For added security, consider using a separate device to sign in to sensitive data accounts. The Binance FAQ section also contains a separate list of antivirus recommendations.
11. Install a screen lock on your phone.
You are most likely using your phone to enter 2FA codes and other security related activities. So protecting your phone is a smart move. Whether it’s a password or a fingerprint, an extra layer of security doesn’t hurt.
12. Use a reliable password manager.
Alas, it is not easy to remember multiple secure passwords. Password managers make it easy to manage complex passwords across multiple accounts, and many have sophisticated encryption mechanisms to store passwords more securely. Of course, you need to set the password as complex as possible for the password manager.
13. Use unique email addresses for each of your accounts, including your Binance account.
Most people use one or two email addresses for all of their accounts. This can lead to the fact that the same data will be posted on different websites and / or services.
Experienced attackers can use data stolen from one service to try to hack your account on another service. Use unique addresses for each of your accounts to prevent accidental distribution of your data.
14. Check your contacts regularly for potential security threats to avoid social engineering attacks.
Most security breaches nowadays go beyond common hacking attempts such as phishing and other technical methods. Attackers use online contacts and messages. This is social engineering – attempts to manipulate people, forcing them to commit dangerous actions, such as disclosing personal or confidential information, which can later be used to their detriment.
In the context of cryptocurrencies, this means that you should avoid certain actions. Do not post screenshots or brag about your cryptocurrency savings, especially on the Internet. The larger the amount, the more likely you are to become a target of hackers and scammers.
You also need to be careful when dealing with different individuals. As mentioned above, there are individuals posing as Binance employees (usually Binance support agents) and trying to persuade you to provide them with your account details. Beware of such scammers and impersonators.
15. Identify and avoid phishing and malicious activities. Always check the emails you receive and the websites you visit. Many successful attacks are carried out using fake websites, emails and forms that look like exact replicas of the websites you are using.
Malicious browser extensions and applications are often the reason for hacking accounts or wallets and then stealing funds. Browser extensions or apps you install can access various components of your browser or device, potentially leading to your accounts (including exchange accounts) and possibly even wallets being compromised.
Exercise caution when choosing browser and app extensions, especially those related to cryptocurrencies or the promise of secure cryptocurrency experiences. Try to restrict the set of applications to known variants, and assess the risk of security problems in a sound manner.
