Secure your furture Crypto Wealth!

What You Need is Two-Factor Authentication (2FA)

You need 2FA to provide extra security by giving second step of authentication. There are three ways to verify yourself:

1. Password
2. 2 Factor Authentication with smartphone , finger print, Google Authenticator, SMS, Email

If your 2FA is disabled, anyone who knows the password can access your account. With 2FA it’ll be difficult for hackers to get access to your Account.

But you have to remember that not all 2FA methods are safe !

Which 2FA method you should choose?

SMS : You will receive an SMS on your registered mobile phone as a 2FA. But there are a couple of problems in this method.

1. Technical problems. SMS may be delayed due to some carrier issues. If you are abroad, in roaming or using another SIM, you will also get some troubles with account access.
2. Security problems. Here are only some of them:

• Number Port-out
  If your number is port out mischiveously by some hacker, a secret SMS for authentication is sent to the attacker, not to the original phone owner.
• SIM Swap Fraud.
  Sometimes, carriers can’t prevent duplicating SIM cards by attackers. A scammer can request a new SIM card from the carrier, claiming that old SIM card was lost, using a fake ID to pick-up the card from carrier office. As a result, they get a leg in your secret data and steal money from your accounts.
• Android SMS Interception Malware.
  Last but not least attack vector works against Android smartphone owners. As an example — malware that pretended to be AliPay, famous Chinese online payment app.

National Institute of Standards and Technology (NIST) recommended avoiding use SMS 2FA.

Google Authenticator — Simple and Efficient Method

How it works. Firstly, you need to install Google Authenticator app that generates the codes. Then, scan the QR code shown on the website where you are activating 2FA, this will transfer the secret key to your smartphone. Every 30 or 60 seconds the app will generate a new one-time 6-digit code based on your secret key and the current time. To sign in to your account, you will need to enter this code besides the common password.

The good news is that it’s enough to have any device suitable for installing the application. Internet access is not required — everything works offline. The code is generated directly on the device, so it can’t be intercepted as in the case of SMS.

Google Authenticator 2FA is by far the best choice to protect your accounts.

Backup of Recover Key:

Backup the Recovery Key Correctly.

When activating 2FA, many web services ask to backup your secret/recovery key. Don’t skip this step, or you will lose access to your account if your device is broken, lost or replaced by a new one.

Don’t store the secret key on your computer, it will make 2FA less secure. If the computer is infected with malware, the attacker will get not only your password but also the second authentication factor (recovery key). That’s why the best way is to keep your secret key stored offline (e.g., write it down on the paper).