Learn how you can add an extra layer of security to protect your crypto funds.
This article is part of an ongoing series on security. The information contained in this article has been reviewed by the Binance.US Security Team.
When it comes to securing your account with Binance.US, your account security is our top priority. With multiple layers of security, world class threat modeling, third-party audits, and more, we take extensive steps to make sure our users have a safe and secure experience on our platform.
If you’re looking for additional ways to secure your account, continue reading for a few of the most popular ways you can keep your account — and your crypto funds secure. Plus, we’ll share some overall safety tips to keep in mind when using any online accounts, crypto or otherwise.
Use Complex Passwords
We all understand how easy it is to have one password for all of your accounts that is easy to remember, but as the internet becomes more widely used and crypto becomes more mainstream, failing to diversify your password portfolio can lead to a compromised account. This is made easier when your crypto exchange and wallet share a password with something like a social media account, which has a history of numerous and large scale data breaches.
To address this potential issue, make sure you create passwords that will be hard to crack. Invest time in protecting your investments. For any accounts that hold monetary value, your bank and credit card accounts included, your passwords should ideally be 16 characters. The characters should be complex and include uppercase letters, lowercase letters, numbers, and special characters like asterisks or question marks. Don't have a Binance.US account yet? You can create your free account here.
Yes, these will be difficult to remember off the top of your head. That’s where password managers come in. Yes, some browsers already do this for you, but if an attacker were to gain access to your computer, they would be able to access all of your saved passwords. Instead, we recommend users consider a subscription-based password manager for added security.
An additional step you can take when it comes to passwords is taking the time to change them regularly. Consistent updates to the passwords of all your accounts will further protect you from hackers.
Another important tool in securing your account is two-factor authentication (2FA). 2FA authentication requires two methods to verify your identity. These include a unique password and username as well as a device or app to confirm it is indeed you trying to access your account.
Binance.US requires strict sign-in protocols using two-factor authentication. Some platforms only allow you to approve logins via a text message sent to your smartphone as a secondary form of authentication. These methods, while providing some protection, are susceptible to “SIM swapping”; a technique hackers use to get past SMS MFA. We at Binance.US give users the option of using simple 2FA via app-based, SMS, and email methods, but recommend using app-based 2FA for better protection.
Existing customers can set up their 2FA method via the Security dashboard.
What’s more, Binance.US is planning a rollout of Universal 2nd Factor Authentication (U2F) in early 2023. This feature will allow users to utilize physical authentication devices like Yubico’s YubiKey for an added layer of protection. Instead of relying on your smartphone, these hardware devices are plugged into your computer, similar to a USB device, and grant you access to your account when touched. They can be plugged into your computer or smartphone depending on your needs. These are some of the best devices to keep your account safe.
You can’t trick a trickster, but you can fool a fool. If you haven't grown up with the internet, you may be more susceptible to common tricks used by scammers and even if you consider yourself computer literate, scammers are devising new ways to catch you off guard every day. To limit your exposure, learn more about techniques used by malicious hackers.
For instance, phishing is a technique used by hackers to catch you with your guard down by posing as someone else to get you to hand over your information. A common phishing scam you may have seen in your day-to-day life is a phishing text that pretends to be a retailer you frequent and asks you to click on a link regarding a recently placed order. Because you know the company and have a history, you may click on the link only to find out that you have opened yourself up to an attack.
Binance.US allows you to include a special code to help you confirm that emails sent to you from Binance.US are legitimate. The Anti-Phishing Code feature can be turned on in your account and allows you to set a unique password or code that will appear at the top of any email from Binance.US. Given that most attacks start with some sort of phishing email, we highly recommend enabling this feature. Further, we encourage this code to be changed from time to time.
If you are a current Binance.US user, you can enable the Anti-Phishing Code by logging in and visiting your Security dashboard. By staying informed about phishing scams and other potential tricks hackers may use, you will be better able to spot when something seems suspicious.
Keep an Eye On Your Account
To help make sure you’re safe, Binance.US’s Risk Management system analyzes every password reset, two-factor authentication reset, withdrawal attempt, and email address change for suspicious activity. Unusual activity triggers suspended withdrawals for a predetermined amount of time based on the type of activity.
However, regularly checking your account activity is still recommended to ensure everything looks normal. Don’t recognize an IP address that your account was accessed from? That could be a red flag. Binance.US customers can use the device management feature to stay on top of who has access to your account. If there is a device you don’t recognize or one no longer in use, remove it from the list of devices that have access to your account. Once removed, these devices will not be able to sign back in unless you give permission.
If there is ever activity you do not recognize as your own or that of a trusted person you have given permission to, immediately disable your account. Doing so will put an immediate stop to all trading and withdrawals on your account.
Manage Withdrawal Addresses and Storage Locations
If a hacker gains access to your account, they may try to withdraw funds and deposit them into their wallet. To help combat this, Binance.US allows you to manage the address where you can withdraw funds to. Using this “Address Management” feature sends an email confirmation whenever you add a withdrawal address. If you get an email for a request you did not request, you will be able to take action. Existing Binance.US customers can access the Address Management feature here. Please note this feature will also be coming to Binance.US mobile soon.
Choosing a secure wallet is also crucial to making sure your crypto is safe. While Binance.US takes steps to make sure that your crypto is safe with us, other options exist for those looking to take matters into their own hands. Trust Wallet, for example, is an excellent option for Binance.US users looking for a non-custodial software wallet. Those looking for added security may opt for a hardware wallet, which is widely considered to be the gold standard when it comes to securing your cryptocurrency. These wallets are not connected to the internet and therefore significantly reduce the risk of remote attack from malicious actors.
Looking to start your crypto journey on Binance.US? Sign up today and buy crypto in 2 minutes or less.
Download the Binance.US app to trade on the go: iOS | Android
Legal Disclaimer: This material has been prepared for general informational purposes only and should NOT be: (1) considered an individualized recommendation or advice; and (2) relied upon for any investment activities. All information is provided on an as-is basis and is subject to change without notice, we make no representation or warranty of any kind, express or implied, regarding the accuracy, validity, reliability, availability or completeness of any such information. Binance.US does NOT provide investment, legal, or tax advice in any manner or form. The ownership of any investment decision(s) exclusively vests with you after analyzing all possible risk factors and by exercising your own independent discretion. Binance.US shall not be liable for any consequences thereof.