Binance always treats security as its top priority. While we do our best to keep your account secure, you can also significantly improve the security of your own account. So, what steps can you take to improve the security of your personal Binance account?
1. Set a strong password and change it regularly
It sounds simple, but it is an essential step in protecting your Binance account. Use a different strong password for every online account. Accounts that hold assets, such as accounts on digital currency trading platforms, should be protected even more strictly. Ideally, these passwords should be more than eight characters long and contain both uppercase and lowercase letters, numbers, and special characters.
One of the best ways to generate, manage and store passwords is a password manager. This tool allows you to save and manage different passwords in a safe and convenient place. Most password managers use sophisticated encryption mechanisms for additional protection. Be sure to use a trusted password manager and to set a strong master password for it.
Setting a strong password is a good start, but it does not mean that you can rest assured once and for all. Cyber attackers try to steal passwords in a variety of ways, and changing passwords regularly is a good way to ward off attacks. This measure applies not only to Binance accounts, but also to the email addresses associated with your Binance accounts.
While we are on the subject of email addresses, we recommend using different email addresses for different accounts to reduce the potential risk of data breaches. This is especially true for accounts registered with email addresses from a long time ago, which are likely to have been breached before. If you set up a unique email address for each service, you can significantly reduce the possibility of a single email address affecting multiple accounts at the same time. The Have I Been Pwned website is a very useful tool to check if your account has been breached before.
Please note that once your Binance account password is changed, you will not be able to withdraw funds for the next 24 hours. This prevents potential attackers from stealing victims' funds by changing passwords.
2. Enable Two-Factor Authentication (2FA)
Once your Binance account is created, the first task is to activate two-factor authentication (2FA). Binance supports two types of 2FA: SMS and Google Authenticator. We recommend the second method, Google Authenticator. Be sure to record the reset key so that you can restore your 2FA codes on a new phone.
While SMS authentication is more convenient, it is less secure than Google Authenticator. SIM hijacking attacks are a real threat and many high-profile accounts have been hit. In 2019, Twitter CEO Jack Dorsey fell victim. The attacker was able to take full control of his Twitter account, which had millions of followers.
These are not the only ways to protect your account with two-factor authentication (2FA). We will briefly cover another method called "Universal 2nd Factor (U2F) Authentication". It uses a secure hardware device to protect your account. Binance happens to support this tool as well.
3. Check all devices that have access to your account
You can check all devices that have access to your personal Binance account in the Device Management tab. In the Binance app, this tab is under the "Account" tab.
If you find a device that you don’t recognize or no longer use, delete it. Once deleted, the device will not be able to access your account until you confirm and reauthorize it via email. As discussed above, the security of your email account is also very important.
You can also check your account activity, which shows the IP addresses from which your account was logged in to and when. If you find anything suspicious, disable your account immediately. This will suspend all trading and withdrawals, delete all API keys, and remove all devices that have access to your account.
4. Manage withdrawal addresses
Your Binance account has a security feature called address management. It allows users to set the wallet addresses to which funds can be withdrawn. Once this feature is enabled, all new addresses will need to be confirmed by email before they can be added to the withdrawal whitelist.
Again, it is very important to keep your email account secure! It is the foundation of your online account security.
Still wondering which cryptocurrency wallet to deposit your withdrawn funds into? We recommend Trust Wallet, a secure software wallet that is a great choice for mobile phones. You can also use a hardware wallet to store your private keys offline.
5. Prevent phishing
Phishing is a cyber attack where criminals attempt to impersonate someone else (such as a business) to obtain personal information. This is also the most common attack method at present, so you should always be vigilant and prevent it before it happens.
In general, it is recommended to always access Binance through a saved bookmark to avoid manually entering the address every time you log in. If you haven't bookmarked the Binance official website yet, add the following link now: https://www.binance.com. This simple measure can block many fake Binance websites from tricking you into entering your account information.
With the Anti-Phishing Code feature, you can set a unique code that will be embedded in all notification emails sent by Binance. Once the Anti-Phishing Code is enabled, you can use it to determine whether the notification emails you receive are authentic. For more information, please read our Anti-Phishing Code Guide.
Want to learn more about how to prevent phishing? Read What is phishing?
6. Follow the API Security Guide
The Binance API is a great way for more advanced traders to maximize their experience with the Binance trading engine. The Binance API allows users to tailor their trading strategies.
However, using API keys to share data with external applications also carries risks. Therefore, when using the Binance API, you should consider IP address-based access restrictions, so that only whitelisted IP addresses have access. In addition, API keys should be changed regularly, so that a leaked key does not remain usable.
7. Use Universal 2nd Factor (U2F) Authentication
Binance supports U2F-compatible authenticators, such as the Yubico YubiKey. These devices can only grant access to your account when plugged into a computer or paired wirelessly.
You might think this device is similar to Google Authenticator, but it is a hardware device rather than software. Physical access to the hardware is therefore also required to access your account.