If you are using an exchange to trade cryptocurrencies, the security of your account should be your utmost priority. You are advised to always store your coins in a cold wallet unless you are actively trading. Storing your coins on a centralized exchange is generally less secure, as the central server of an exchange is often the target of malicious attacks and you might also be susceptible to various phishing attempts. This is why 2FA is often recommended on top of a standard password to add an extra layer of security. There are a lot of different options for 2FA, with Google Authenticator being the simplest one in my opinion.
Although the steps are quite straightforward, setting up two-step verification can be confusing for beginners, as a lot of exchanges don't offer much guidance on it. In this article, we are looking specifically at setting up 2FA using Google Authenticator. We are using Binance as an example, but the steps should be similar across all exchanges. ( e.g. Bitfinex, Bittrex, Kucoin )
How to enable 2FA using Google Authenticator ( Step By Step )
- Go to your exchange account and log in ( in this case, we are using Binance as an example )
- Enter your email, password and proceed to login
- To make sure that you are human, Binance will then require you to solve a small puzzle simply by dragging the missing piece to the right place along the slider.
- Once you are at your dashboard, locate your profile icon on the top right corner and click on Account.
- If you haven't set up 2FA before, you will receive a prompt from the system that recommends you enable 2FA, as shown in the screenshot below.
- Select Google Authentication. We recommend Google authentication over SMS authentication due to the higher security that the former offers. Someone could hijack your SMS by convincing the mobile shop that he/she is the owner of the phone number and asking them to issue a replacement SIM with your phone number on it. They will then start receiving your SMS messages, and the SIM in your phone will no longer be functional. ( A SIM Swap Fraud )
- Alternatively, you can go here ( screenshot below ) to activate your 2FA.
- Once you click enable, you will be directed to a page that will guide you through setting up 2FA
- As shown in the screenshot below, the first step is to download the Google Authenticator app via the Play Store/App Store. ( Android | iOS )
- Hit next step once you have downloaded the app.
- On this screen, you will see a QR code on the left and a key on the right.
- Launch the Google Authenticator app and hit begin
- You will see the following screen providing you with two options: "scan a barcode" & "Enter the provided key"
- You can now either scan the QR code or enter the key manually.
- Once the QR code is scanned or the key is entered, you should see your Binance account added to the dashboard of Google Authenticator, as below.
- The 6-digit code, as shown above, is dynamic, which means that it keeps changing at a regular interval. From now on, every time you log in, you will have to enter the code from Google Authenticator on top of your regular password.
- Click on next step once you have done the above.
- You will be provided with your backup key on the following screen. It is crucial to write this key down and keep it somewhere safe. In case you lose your device, this is the way to retrieve your account on Google Authenticator and set it up on your new device.
- Click on next step to proceed.
- To finally enable Google Authentication, you will need to enter your key from the previous screen, your password, and the Google Authenticator code from your device.
- Click on "Enable Google Authentication" and voila!
Why aren't passwords sufficient?
- Duplicated Password
For convenience's sake, people are inclined to use the same password over and over again on multiple sites. This increases the probability and the risk of your passwords being compromised, and hence your precious personal information and funds.
A keylogger is an application that records your keystrokes remotely. A keystroke-logging tool ( that you might install accidentally, or that gets installed on your PC without you even being aware ) can capture every single one of your passwords.
Check out this Binance phishing site. You would hardly be aware that it is a phishing site, especially when it has the exact same interface as the genuine site. If a password was your only verification protocol, your account would have been compromised in such a scenario. This further exemplifies the significance of 2FA in securing your exchange account.
What if I lose my device?
It is of utmost importance to keep your backup key somewhere secure and, most importantly, somewhere you will remember when you need it. If you happen to lose both your device ( the one you set up your 2FA on ) and your backup key, you might lose access to your funds forever. Try not to store your key online, as this would expose it to potential hacks. Some exchanges might help you recover your account; however, the process will inevitably be long, tedious and taxing. You might lose some good trading opportunities due to this, if not your funds. Keeping the 2FA backup key will also enable you to move Google Authenticator to a new device.
Conclusion - Setting Up 2FA using Google Authenticator
Some might think that setting up 2FA and using it every time you log in is tedious ( which it really is not ), but one should never trade security for convenience, especially when it involves your precious assets. I hope that this article helps, and should you have any questions, feel free to leave me a message in the comment section below! Have a great day!