Security is a top priority at Binance. While we do everything to keep your account secure, you also have the power to greatly increase the security of your Binance account.
In this article, we describe a few simple steps that you can take to secure your account, along with general good habits that you should keep in mind. Just like you, it’s in our interest to keep your account safe. The blockchain industry is growing fast, so creating a more secure environment will benefit us all.
So what are the steps you can take to increase the security of your Binance account?
1. Use a strong password and change it regularly
This may sound quite obvious, but it’s an essential step for securing your Binance account. You should use strong and unique passwords for every one of your accounts on the Internet. This is especially true for those that hold value – like your cryptocurrency exchange account. Ideally, these passwords should be more than eight characters long, containing both uppercase and lowercase letters, numbers, and special characters.
One of the best ways to generate, manage, and store secure passwords is to use a password manager. This way, you can hold and manage your different passwords in a secure and convenient way, all in the same place. Most password managers will employ sophisticated encryption mechanisms to provide an additional layer of protection. Be sure to only use trusted password manager software, and of course, create a strong master password.
Having a strong password is an excellent first step, but it doesn’t mean you’re set forever. It’s also good practice to change your passwords regularly, as attackers may have ways to obtain your passwords regardless. This is not only true for your Binance account, but also your email associated with your Binance account.
While we’re on the subject of email, here’s another point to consider – it’s beneficial to use different email addresses for different accounts. This way, you can mitigate some of the potentially detrimental effects of data breaches. Especially if you’re using an old email account, there’s a high chance that it has been part of a breach in the past. However, if you’re using dedicated email addresses for each service, there’s a smaller chance that a breach will affect several of your accounts. The website Have I Been Pwned is a great resource to check if any of your accounts were ever the victim of a data breach.
Please note that once you change the password of your Binance account, you won’t be able to withdraw funds in the following 24 hours. This is to prevent potential attackers from locking you out of your account while withdrawing your funds.
2. Enable Two-Factor Authentication (2FA)
Activating Two-Factor Authentication (2FA) should be among the first things you do after creating a Binance account. Binance supports two types of 2FA: SMS and Google Authentication. Out of these two, we recommend Google Authenticator. Just make sure to write down your reset key in case you need to transfer your 2FA codes to a new mobile phone.
While SMS authentication may be easier to use, it’s deemed less secure than Google Authenticator. SIM swapping is a real threat, and some high-profile accounts have fallen victim to this technique. In 2019, Twitter CEO Jack Dorsey was hacked with this method, giving attackers free rein over his Twitter account with millions of followers.
These aren’t the only ways to secure your account with 2FA. We’ll shortly discuss another method called Universal 2nd Factor (U2F) authentication. It involves a secure hardware device that protects your account. And good news, Binance supports that too!
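How the reset key mentioned in this step relates to the codes your authenticator shows, as an added example that is not part of the original article or Binance's own code. Google Authenticator implements the standard TOTP algorithm (RFC 6238); the sketch assumes the reset key is the Base32-encoded TOTP secret, and the sample key is the RFC's published test key, not a real one.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: the published RFC 6238 test key ("12345678901234567890")
# in Base32. Assumption: a 2FA reset key is a Base32 TOTP secret like this one.
SAMPLE_RESET_KEY = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"


def totp(reset_key: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Return the code an authenticator would display at unix_time."""
    key_text = reset_key.replace(" ", "").upper()
    key_text += "=" * (-len(key_text) % 8)           # restore stripped padding
    key = base64.b32decode(key_text)
    counter = struct.pack(">Q", unix_time // step)   # 30-second time slot
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(reset_key: str, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Server-side check: accept codes from +/- `window` time slots (clock drift)."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(reset_key, max(unix_time + drift * 30, 0))
        # Constant-time comparison with no early exit, so timing leaks nothing.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    now = 1111111109
    old_phone = totp(SAMPLE_RESET_KEY, now)
    new_phone = totp(SAMPLE_RESET_KEY, now)   # same key typed into a new device
    print("old phone:", old_phone, "| new phone:", new_phone)
    print("accepted one slot later:", verify(SAMPLE_RESET_KEY, old_phone, now + 2))
    print("accepted with no drift allowance:",
          verify(SAMPLE_RESET_KEY, old_phone, now + 2, window=0))
```

Any device holding the key produces the same codes, which is why the written-down key restores 2FA on a new phone and why it should be stored as carefully as a password.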
3. Check the list of devices authorized to access your account
You can check the devices that are authorized to access your Binance account in the Device Management tab. When using the Binance app, you can find this tab under the “Account” tab.
If you see any devices you don’t recognize or don’t use anymore, remove them. Once you remove a device, it won’t be able to access your account again, unless you re-allow it through an email confirmation. As we’ve discussed earlier, this is why the security of your email account is also of paramount importance.
You can also check account activity, that is, which IP address your account was accessed from and when. If you see anything suspicious, immediately disable your account. This will suspend trading and withdrawals, delete all your API keys, and remove all devices that can access your account.
4. Manage your withdrawal addresses
Your Binance account has a security feature called Address Management. It allows you to limit the wallet addresses that you can withdraw funds to. If you turn this on, each newly added address will require an email confirmation to be added to the whitelist.
To reiterate, this is why keeping your email account secure is so critical! It’s the foundation of your online security.
Can’t decide what crypto wallet to withdraw your funds to? You could try out Trust Wallet. It’s an excellent choice if you’re looking for a secure software wallet for your mobile phone. You could also invest in a hardware wallet to keep your private keys offline.
5. Learn about phishing
Phishing is a type of attack where a malicious actor tries to pose as someone else (for example, a business) to obtain your personal information. It’s one of the most common attacks out there, and you should be wary of it.
As a general rule of thumb, it’s best to only visit Binance from a saved bookmark instead of typing the address each time. If you haven’t already, feel free to bookmark the link right now: https://www.binance.com. With this simple step, you can already avoid a good chunk of the fake Binance websites that aim to trick you into handing over your account information.
The Anti-Phishing Code feature allows you to set a unique code to be included in all your Binance notification emails. By enabling the Anti-Phishing code, you’ll be able to tell if the notification emails you’re receiving from Binance are genuine. If you’d like to learn more about how to use it, check out our Anti-Phishing Code Guide.
Would you like to learn about other ways to avoid phishing? Check out What is Phishing?.
6. Follow API security guidelines
The Binance API is an excellent way for more advanced traders to maximize their experience with the Binance trading engine. The Binance API allows you to create custom trading strategies.
However, using API keys brings some risks because you’re allowing your data to be shared with external applications. When you’re using the Binance API, you should consider restricting access based on IP address. This way, only the whitelisted IP addresses will be enabled. You should also consider changing your API keys regularly, and avoid giving your keys to external parties.
7. Use Universal 2nd Factor (U2F) authentication
Binance supports U2F-compatible authenticators, such as the Yubico YubiKey. These devices will grant you access to your account only if they’re plugged into your computer or paired wirelessly.
You could think of this device as similar to your Google Authenticator, but instead of a piece of software, it’s a piece of hardware. This means that accessing your account requires physical access to this hardware as well.
Keeping your Binance account secure is an important consideration. We went through some of the simple steps you can take to protect your account and keep hackers from accessing your precious bitcoins and altcoins.
If you’d like to check your current security level, go to your Security dashboard. If you’re using the Binance app, go to the “Security” section of your “Account” tab.
If you’d like to be even more informed, be sure to check out our articles on other security-related topics on Binance Academy!