Invest a little time, effort and money in security - and sleep well at night.

How to securely log onto exchanges (and other websites)

If you look on Wikipedia for the list of companies that have had data breaches, you will see a lot of familiar names, probably including companies that you currently use. This shows that you should not trust anyone with your data, especially when your personal finances are at risk.

The standard method of authenticating (logging onto) exchanges is with an e-mail address and password. Whilst this is reasonably safe, it is safer (and therefore recommended) to authenticate with a second authentication method as well.

The second authentication method should be of a different format to the first – i.e. not a static password. When two different layers of authentication are used, this is known as ‘Two Factor Authentication’ (2FA). 2FA is used when you withdraw cash from an ATM – i.e. you use a physical debit card and a PIN.

Most exchanges offer 2FA in the form of an app such as Google Authenticator or Authy, or a Yubikey, which is a physical equivalent to these apps. Both the apps and the Yubikey do the same thing: they provide a new computer-generated password each time you need to log onto the website, and the password expires after a short amount of time.

2 Factor Authentication - Apps vs Yubikey

Cost
  • App: Free
  • Yubikey: $45 - $60 (depending on which you choose)

Security
  • App: Although they are very secure, because they are software based, they are not deemed as secure as physical devices (i.e. the Yubikey).
  • Yubikey: Because they are physical devices and require human input each time you use them, they are deemed to be a more secure method than using 2FA apps to authenticate onto websites.

Lost app/Yubikey
  • App: If you lose your phone, you can easily recover the app (and all keys) onto another phone.
  • Yubikey: If you lose your Yubikey, you can’t log onto the websites. It can take days (even weeks) for the website to resolve your user account, to allow you back onto it. If you want to continue to use Yubikey, you will need to purchase a new Yubikey and register it on each website that you want to use it on. Note that some websites do allow you to have 2 Yubikeys registered with them, so if you lose one, you can still log on with the other, but most sites only allow 1 key to be registered.

Log onto a website

App:
  • Enter e-mail address and password
  • Open the app and select the required website listing
  • Read the generated number
  • Enter the number into the website

Yubikey:
  • Enter e-mail address and password
  • Plug in the Yubikey (or hold the Yubikey to your phone if using NFC)
  • Press the Yubikey button, to tell it to enter the password into the website

Recommended apps/devices
  • Yubikey: Yubico Store. Take the Yubikey quick quiz and view the Yubikey comparison table to identify which Yubikey form factor is best for you.

Because I want to use it on multiple computers (personal laptop and work laptop) as well as my phone, I have the Yubikey 5 NFC which is USB-A compatible, has NFC and fits on my keyring.

If you only use one computer, you might want to purchase the Yubikey 5 Nano (USB-A) or the Yubikey 5C Nano (USB-C).

This video from Authy gives a good overview of why 2FA is important and how it works (the same concept is true of Google Authenticator):

This video from Yubico explains the Yubikey product and how they are used:

