Introduction
At Binance, security is a top priority. While we do everything we can to keep your account safe, you also have the power to greatly increase the security of your account.
In this article, we outline a series of steps you can take to protect your account, along with general good habits you should always keep in mind. We, like you, are interested in keeping your account safe. The blockchain industry is growing very fast, so creating a more secure environment will benefit us all.
So what are some steps you can take to increase the security of your Binance account?
1. Use a strong password and change it regularly
It may seem obvious, but this is an essential step to protect your Binance account. You should use strong and unique passwords for each of your online accounts. This is especially important for accounts that hold something valuable – such as your cryptocurrency exchange account. Ideally, these passwords should be longer than eight characters and contain uppercase and lowercase letters, numbers, and special characters.
One of the best ways to generate, manage and store secure passwords is with so-called password managers. This way, you can store and manage your different passwords in a convenient and secure way, keeping them all in one place. Most password managers employ sophisticated encryption mechanisms to provide an extra layer of protection. Be sure to use only trusted password management software, and of course, create a secure master password.
Having a strong password is an excellent first step, but that doesn’t mean you have nothing else left to do. It’s also good practice to change your passwords regularly, since hackers may have ways to get them. This applies not only to your Binance account, but also to your email address associated with it.
And while we’re on the subject of your email, there is one more point to consider – it is beneficial to use different email addresses for different accounts. This way, you can mitigate some of the detrimental effects of data breaches. Especially when you use an old email account, there is a high chance that it may have been part of a data breach in the past. However, if you use a specific email for each service, the chance of multiple accounts of yours being affected by a breach is lower. The Have I Been Pwned website is an excellent source to check if any of your accounts have ever been part of a data breach.
Please note that when you change your Binance account password, you will not be able to withdraw funds for the next 24 hours. This is to stop potential attackers from locking you out of your account while they withdraw your funds.
2. Enable Two-Factor Authentication (2FA)
Enabling Two-Factor Authentication (2FA) should be one of the first things you do after creating your Binance account. Binance supports two types of 2FA: SMS and Google Authenticator. Of the two, we recommend Google Authenticator. Just be sure to write down your reset key, in case you need to transfer your 2FA codes to a new cell phone.
Although SMS authentication may be easier to use, it is considered less secure than Google Authenticator. SIM swapping is a real threat, and some high-profile accounts have fallen victim to this technique. In 2019, Twitter CEO Jack Dorsey was hacked using this method, giving attackers free rein over his Twitter account, which is followed by millions of people.
These are not the only ways to protect your account with 2FA. Later in this article, we will briefly discuss another method called Universal 2nd Factor Authentication (U2F). It requires a hardware device that protects your account. And the good news is… Binance supports it too!
3. Check the list of devices authorized to access your account
You can check the devices that are authorized to access your Binance account in the Device Management tab. When using the Binance application, you can find this tab under the “Account” tab.
If you see any devices that you do not recognize or no longer use, delete them. Once you delete a device, it will no longer be able to access your account unless you re-allow it via a confirmation email. As we discussed earlier, this is why the security of your email account is also of utmost importance.
You can also check account activity, i.e. from which IP address your account was accessed and when. If you see anything suspicious, immediately disable your account. This will suspend trading and withdrawals, remove all your API keys and remove all devices that can access your account.
4. Manage your withdrawal addresses
Your Binance account has a security feature called Address Management. It allows you to limit the wallet addresses to which you can withdraw funds. If you enable this option, each newly added address will require a confirmation email to be added to the whitelist.
To reiterate, this is why it is so important to keep your email account secure! It is the foundation of your online security.
Can’t decide which crypto wallet to withdraw your funds to? You can try Trust Wallet, it’s a great option if you’re looking for a secure software wallet for your cell phone. You could also invest in a hardware wallet to keep your private keys offline.
5. Learn about phishing
Phishing is a type of attack in which a malicious actor tries to impersonate another person (e.g. a company) to obtain your personal information. It is one of the most common attacks, and you should be wary of it.
As a general rule, it is best to visit Binance only from a saved bookmark instead of typing in the address each time. If you haven’t already done so, feel free to bookmark the link right now: https://www.binance.com. With this simple step, you can already avoid a good portion of fake Binance websites that aim to trick you into revealing your account information.
The Anti-Phishing Code feature allows you to set up a unique code to be included in all your Binance notification emails. By enabling the Anti-Phishing code, you will be able to know if the notification emails you receive from Binance are genuine. For more information on how to use it, please see our Anti-Phishing Code Guide.
Want to learn about other ways to avoid phishing? Take a look at What is phishing?
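The two checks described in this section, done mechanically on a notification email: is your Anti-Phishing Code present, and does every link really point at binance.com? This is an added example, not Binance tooling; the sample messages, the code value `K7-otter-42` and the assumption that the code appears as plain text in the message body are all constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "binance.com"  # the site the article says to bookmark
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample messages; the code value and the .example hosts are made up.
GENUINE = """Subject: New device login

Anti-phishing code: K7-otter-42
Review this login at https://www.binance.com/
"""
FAKE = """Subject: Withdrawal suspended

Confirm your account at https://www.binance.com.account-check.example/login
or at https://binance.com@login.example/
"""

def host_is_trusted(url, trusted=TRUSTED_DOMAIN):
    """True only for the trusted domain itself or a genuine subdomain of it."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def body_text(msg):
    """Concatenate every text part, decoding transfer encodings and charsets."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def check_notification(raw_email, my_code):
    """Return reasons to distrust the message; an empty list means none found."""
    body = body_text(message_from_string(raw_email))
    findings = []
    if my_code not in body:
        findings.append("anti-phishing code missing")
    for url in URL_RE.findall(body):
        if not host_is_trusted(url):
            findings.append("untrusted link: " + url)
    return findings

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("fake", FAKE)):
        print(name, check_notification(raw, "K7-otter-42"))
```

Both fake links contain the text "binance.com" yet resolve to a different host, which is why the comparison is made on the parsed hostname rather than on the visible string.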
6. Follow the API security guidelines
The Binance API is a great way for advanced traders to maximize their experience with the Binance trading engine. The Binance API allows you to create custom trading strategies.
However, using API keys carries some risks because it allows your data to be shared with external applications. When using the Binance API, you should consider restricting access by IP address, so that only whitelisted IP addresses can use your API keys. You should also consider changing your API keys regularly and avoid giving your keys to third parties.
7. Use Universal 2nd Factor Authentication (U2F)
Binance supports U2F-compliant authenticators, such as Yubico YubiKey. These devices will grant you access to your account only if they are connected to your computer or if they are paired wirelessly.
You could think of this device as similar to your Google Authenticator, but instead of a piece of software, it is a piece of hardware. This means that accessing your account also requires physical access to this hardware.
Conclusion
Keeping your Binance account secure is an important consideration. We reviewed some of the simple steps you can take to protect your account and prevent hackers from accessing your precious bitcoins and altcoins.
If you want to check your current security level, go to your security dashboard. If you are using the Binance application, go to the “Security” section of the “Account” tab.
If you want to be even more informed, be sure to check out our articles on other Binance Academy security-related topics!