Security is the number one priority at Binance. We have invested countless hours and resources into ensuring that our platform is safe from bad actors, including incorporating big data analysis and AI technologies to aid us in preventing attacks. We’ve even partnered with various cyber-security and compliance firms in the blockchain space. Yet, the best security partnership we can build is with the Binance community itself.
Each and every Binancian has the power to ensure that the community remains SAFU from bad actors, starting with maintaining regular habits that help keep accounts safe. With our organizational commitment toward preventing unauthorized activity and our community’s heightened sense of security, we can collaborate to create a more secure environment for cryptocurrency.
1. Always use Two-Factor Authentication (2FA), preferably Google Authenticator.
Activating 2FA on your Binance account is a crucial first step toward securing your funds on Binance. Currently, we offer two options for 2FA: SMS and Google Authenticator. We recommend using Google Authenticator. While SMS 2FA may be more convenient, it increases the number of attack vectors that may be used to target your account (e.g. SIM swapping). We will soon introduce a third option for Two-Factor Authentication: Universal 2nd Factor (U2F), supporting devices such as Yubico YubiKeys. Stay tuned to our announcements for updates regarding this feature.
2. Check the list of devices that have been authorized to access your Binance account. If you see any devices that you don’t recognize or no longer use, simply remove them. To do this:
a) Log in to your Binance account and navigate to “My Account” on your browser or app.
b) Review “Device Management” at the bottom of the My Account page on your browser or under the “Security” menu on the app.
c) Remove any unrecognized or unused devices. Once a device is deleted, it will no longer be able to access your account unless you re-confirm it via email.
3. Use a strong password for your Binance account and change it regularly.
It is highly recommended to use a password that is at least 8 characters long, containing at least one uppercase letter, one lowercase letter, one special character, and one number.
However, a strong password alone is not enough, as there are a variety of ways in which your password may be obtained by an attacker. With this in mind, it’s a good habit to change your password periodically. This practice should not be confined to your Binance account; apply it to your e-mail accounts as well (especially if used for a financial account such as Binance).
For your own security, any time you change the password associated with your Binance account, your withdrawals will be temporarily suspended for a period of 24 hours following the change. Please consider this when planning password changes.
4. Allow withdrawals only to addresses you trust and check the whitelist regularly. Binance has a feature, “Withdrawal Address Management”, which allows you to limit the wallet addresses to which you can withdraw your funds. As each addition requires e-mail confirmation, this feature can protect you in special cases of unauthorized access. Simply enable the “Whitelist” option in the Withdrawal Address Management section.
5. If possible, complete Level 2 Verification for your Binance account. Completing Level 2 Verification doesn’t only grant you a higher withdrawal limit, but also helps protect you from an attacker claiming ownership of your account. In situations where you have made a mistake, it also allows our customer support team to resolve your issue in a more convenient way.
6. Consider managing some funds in your own wallet (e.g. Trust Wallet)
No matter how secure an exchange may be, it is often argued that your funds are most secure in your own possession. Trust Wallet, the official crypto wallet app of Binance, provides you with a convenient way to securely store your funds away from third-parties, with support for most major cryptocurrencies and all ERC20 tokens. You may download the Trust Wallet app for Android or iOS. Bonus tip: You can also easily integrate your Trust Wallet with Binance DEX and trade on the decentralized exchange.
7. Take the necessary steps to secure your account when using the API. A large portion of the Binance community uses our API, our documented programming interface that allows Binance data to be shared with other applications. This allows for a more customized trading experience, but if not used securely, it may lead to issues. When using the API, you may consider things such as restricting access by IP address, avoiding providing your API keys to third-party services, changing your keys regularly, and/or using the aforementioned withdrawal address whitelist.
The next seven steps go beyond your Binance account and tackle general security procedures. Take these steps as well.
8. Make sure that your Internet connection is secure. Checking for the security of your connection extends to multiple fronts, from your Internet service provider and how you are connected to them, to any software and/or services in between. Avoid connecting to public Wi-Fi networks and other shared connections, as these expose you to attackers who may want to intercept the data that you transmit.
9. Install antivirus software and trust only secure apps/programs. It pays to be sure that the apps you use and the files you access or download are not infected with viruses, malware, or anything else that may compromise your information. Ensure that all of your devices are protected with the latest version of your preferred anti-virus software and that regular scans are scheduled. Always download apps/programs from trusted, official sources, and avoid accessing links or software shared by someone you do not know and trust. For extra security, you may consider a dedicated device strictly for your sensitive account(s).
10. Put a lock on your phone. There’s a big chance that you use your phone for 2FA and other sensitive activities. Knowing this, it’s a no-brainer that you need to keep your phone protected. Whether it’s via password or fingerprint, any additional layer of security is helpful.
11. Use a secure password manager. Multiple secure and different passwords are, unfortunately, not easy to remember. Password managers make it easier for you to keep track of these complicated passwords across multiple accounts, and many of these services have sophisticated encryption mechanisms that make password storage more secure. Of course, the password you choose for your password manager should be as complex as possible.
12. As much as possible, use unique emails for each of your accounts, including your Binance account. Most people use one or two emails for all of their accounts. This may create many opportunities for your information to be shared across different websites and/or services. A sophisticated attack can leverage your info stolen from one service to attempt to access your account on another service. Use unique e-mails for each of your accounts to prevent unintended sharing of information from happening.
13. Invest in Universal 2nd Factor (U2F) authenticators. Recently, we announced that we will add support for U2F-compatible authenticators, such as the Yubico YubiKey. These devices will securely grant access to your account when plugged in or paired wirelessly. This process is similar to traditional Two-Factor Authentication (2FA) methods, such as SMS and Google Authenticator, but manual entry of a code is not required, which makes physical access to the device a necessity.
14. Identify and avoid phishing attempts. Always check the emails you receive and the websites you log in to. Many successful attacks involve fake websites and forms that masquerade as exact replicas, or giveaways, for websites you have accounts with. Make it a habit to check the address bar of the websites you visit for accuracy, as well as the details regarding the source of e-mails you receive.
You may read this comprehensive guide on how to avoid phishing from Binance Academy, which also has more lessons regarding security in the crypto space. Also consider taking the Phishing Quiz to try your luck at distinguishing and avoiding phishing attempts.
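The address-bar check from tip 14, written out as a small heuristic. This is an added example, not part of the original post and not Binance code; the trusted-domain list, the function names and the sample hostnames used to exercise it are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain you expect to log in to.
TRUSTED_DOMAINS = ("binance.com",)

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def ascii_skeleton(label):
    """Decode a punycode (xn--) label and keep only its ASCII characters."""
    if label.startswith("xn--"):
        try:
            label = label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return ""
    return "".join(ch for ch in label if ch.isascii())

def check_address(url, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'insecure', 'lookalike' or 'unrelated' for a URL."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            # Right name; still require an encrypted connection.
            return "trusted" if parts.scheme == "https" else "insecure"
    # Not the real site: decide whether the name imitates a trusted one.
    # Text before '@' in a URL is user info, not the host the browser contacts.
    userinfo = parts.netloc.rpartition("@")[0].lower()
    candidates = [ascii_skeleton(label) for label in host.split(".")] + [userinfo]
    for domain in trusted:
        brand = domain.split(".")[0]
        for text in candidates:
            if brand in text or edit_distance(text, brand) <= 2:
                return "lookalike"
    return "unrelated"
```

The edit-distance threshold is deliberately loose, so an unrelated name that happens to sit within two characters of the trusted one is also reported as a lookalike; treat that result as a prompt to read the address carefully.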