How to securely log onto exchanges (and other websites)
If you look on Wikipedia for the list of companies that have had data breaches, you will see a lot of familiar names, probably including companies that you currently use. This shows that you should not trust your data with anyone, especially when your personal finance is at risk.
The standard method of authenticating (logging onto) exchanges is with an e-mail address and password. Whilst this is reasonably safe, it is safer (and therefore recommended) to authenticate with a second authentication method as well.
The second authentication method should be of a different format to the first – i.e. not a static password. When two different layers of authentication are used, this is known as ‘Two Factor Authentication’ (2FA). 2FA is used when you withdraw cash from an ATM – i.e. you use a physical debit card and a PIN.
Most exchanges will offer 2FA in the form of an app such as Google Authenticator or Authy or Yubikey which is a physical equivalent to these apps. Both the apps and Yubikey provide the same thing, which is to provide a new computer-generated password each time you need to log onto the website – the password expires after a short amount of time.
2 Factor Authentication - Apps vs Yubikey
|Cost||Free||$45 - $60 (depending on which you choose)|
|Security||Although they are very secure, because they are software based, they are not deemed as secure as physical devices (i.e. the Yubikey)||Because they are physical devices and require human input each time you use them, they are deemed to be a more secure method than using 2FA apps to authenticate onto websites|
|Lost app/Yubikey||If you lose your phone, you can easily recover the app (and all keys) onto another phone||
If you lose your Yubikey, you can’t log onto the websites. It can take days (even weeks) for the website to resolve your user account, to allow you back onto it.
If you want to continue to use Yubikey, you will need to purchase a new Yubikey and register it on each website that you want to use it on
Note that some websites do allow you to have 2 Yubikeys registered with them, so if you lose one, you can still log on with the other, but most sites only allow 1 key to be registered
|Log onto a website||
|Recommended apps/devices||Yubico Store|
This video from Authy gives a good overview of why 2FA is important and how it works (the same concept is true of Google Authenticator):
This video from Yubico explains the Yubikey product and how they are used:
Storing your cryptocurrency
It is vital to keep your cryptocurrency stored safely and securely. The wallets page of this website guides you on how and where you should keep your assets.