We should look at the issue of security as a chain, where each link corresponds to a part of the security we build around what we want to protect. And the first and most important lesson we take from this approach is that security, whether physical or digital, is only as strong as the weakest link in this chain.

In the specific case of security for your account and your cryptocurrencies, this chain is formed by at least 5 links:

secure attitude

secure environment

secure device

secure exchange

secure protocol

Let's then look at each link in this chain.

Blockchain Protocol

We start with the secure protocol, which can be considered possibly the strongest link in this chain. The blockchain, also known as 'the trust protocol', allows crypto assets to implement a distributed and shared data recording base, using cryptography to bring security and privacy to its users. From a security standpoint, the protocol has been extensively tested. The main cryptocurrency, Bitcoin, has existed for over 10 years and has never been hacked or had its network taken down by any type of attack. In a world where we see giants from all business segments, including finance, making headlines for being compromised by cyberattacks, this is quite an achievement.

To learn more about the security of the blockchain protocol, read the article from Binance Academy: What Makes a Blockchain Secure?

Secure Attitude

It is not uncommon for the attitude to be the weakest link in the security chain. This often happens because we simply do not stop to think about how simple things in our daily lives expose us to unnecessary risks in the online world. We must be aware that the more 'online' we are, the greater the attack surface for malicious hackers, and that our email account is the most used attack vector by these attackers. Therefore, it is advisable, when using an email account for your access to cryptocurrency exchanges, to take the precautions presented in the table below.

Secure Environment

Another very important point is to always use a secure environment when accessing the exchange system. Preferably, we should use a wired network or the Wi-Fi of our home or office. Ideally, we should keep the firmware of network equipment updated and configure these devices with a strong administrator password. The home Wi-Fi network should be protected by a strong password and should use the WPA2 protocol, which is the most current and also the most secure. With it, the possibility of intrusions and password attacks is much lower than with the previous protocols, thanks to its more advanced security standard, AES (Advanced Encryption Standard).

The most important thing is not to use Wi-Fi networks in public places, such as airports, shopping malls, cafes, etc. In these locations, we are more exposed to a type of attack that is more sophisticated, but not as uncommon as we would like, known as 'man-in-the-middle'. In this type of malicious action, the attacker intercepts the original Wi-Fi connection and places themselves in the middle of it, thereby being able to record or even alter the data (see illustration in the figure below).

If it is necessary to access the exchange from outside the home or office network, we can use VPN (Virtual Private Network) applications, which can be installed on laptops, smartphones, or tablets. A better option than public Wi-Fi networks is to use the cellular network, through the exchange app on your phone, or to share the phone's data connection and use the laptop normally. Mobile carrier networks are not completely free from this type of attack, but they require a higher degree of sophistication from the attacker. Ideally, you should always use a VPN when accessing the exchange from outside a more controlled environment.

Secure Device

The device used to access the exchange and perform operations must also be secure, whether it is a smartphone, tablet, laptop, or desktop. Initially, to mitigate risks on any of these devices, you should ensure that your operating system and applications are updated. If you are using a laptop or desktop, it is also advisable to have a non-free antivirus solution. If you are using an Android or iOS device, you must ensure that the applications used on these devices are not malicious; never download applications outside of the official Google Store (Android) and Apple Store. For those who need to access frequently via mobile devices, we suggest reading the article about common scams on mobile devices, available on Binance Academy.

Secure Exchange

Finally, let's understand each functionality that the Binance exchange provides as part of this security chain. As we saw earlier, our email account is the attack vector most used by malicious hackers, so we must carefully check the sender of each email and any attachments. To give the user an additional way to verify the origin of a message, Binance created the Anti-Phishing Code. With it, you will know whether the notification emails you receive are really from Binance or are phishing attempts. Phishing is the name given to a fraudulent attempt to obtain confidential information, such as usernames, passwords, and account details, by posing as a trusted party. It is normally carried out by email spoofing and often directs users to enter personal information on a fake website that resembles the legitimate site. In the image below, you can see how the Anti-Phishing Code is sent; the image also shows a simple way to check whether the sender is Binance itself <[email protected]>: hover over the sender and the true address is revealed. If you are on a smartphone, click on the sender and carefully check its origin.
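The two checks described above (the real sender address behind the display name, and the presence of your Anti-Phishing Code) can be expressed as a small script. This is an added example, not Binance code; the domain `exchange.example`, the code `otter-7731` and the three messages are constructed placeholders.

```python
from email import message_from_string, policy
from email.utils import parseaddr

TRUSTED_DOMAIN = "exchange.example"   # placeholder, not the real sender domain
MY_CODE = "otter-7731"                # constructed anti-phishing code

# Constructed sample messages.
GENUINE = ("From: Binance <alerts@exchange.example>\n"
           "Subject: Withdrawal requested\n\n"
           "Anti-Phishing Code: otter-7731\nA withdrawal was requested.\n")
LOOKALIKE = ("From: Binance <alerts@exchange.example.login-check.test>\n"
             "Subject: Account locked\n\n"
             "Confirm your password to unlock your account.\n")
FORGED_FROM = ("From: Binance <alerts@exchange.example>\n"
               "Subject: Account locked\n\n"
               "Confirm your password to unlock your account.\n")


def check_notification(raw, code=MY_CODE, trusted=TRUSTED_DOMAIN):
    """Return a list of findings; an empty list means both checks passed."""
    msg = message_from_string(raw, policy=policy.default)
    # The display name ("Binance") is free text; only the address matters.
    _display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if not (domain == trusted or domain.endswith("." + trusted)):
        findings.append("sender-domain-mismatch")
    # The From header itself can be forged, so the code is checked regardless.
    part = msg.get_body(preferencelist=("plain", "html"))
    text = part.get_content() if part is not None else ""
    if code not in text:
        findings.append("code-missing")
    return findings


if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("lookalike", LOOKALIKE),
                      ("forged From", FORGED_FROM)):
        print(name, check_notification(raw))
```

The third message carries a correct-looking sender address and is still flagged, which is the case the Anti-Phishing Code exists for.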

The functionalities of withdrawals and security modifications in your Binance account should be given special attention. For this reason, they can be protected in Binance by 2FA or two-factor authentication. To do this, Binance provides two OTP (One-Time Password) methods, which consist of a technological mechanism through which a single-use password is generated and sent to the user. The available OTP methods are:

SMS Authentication: with SMS Authentication enabled, codes sent via SMS to the phone registered in your exchange account will be requested whenever you request a withdrawal or attempt to change security settings.

Google Authentication: to use Google Authenticator, you must install this app on your phone or tablet and activate it. With Google Authentication activated on Binance, authentication codes will be requested whenever you request a withdrawal or attempt to change security settings. When this happens, you should open the app on your phone or tablet and verify the valid code at that moment. Note that new unique codes are generated every 30 seconds. Google authentication is stronger than SMS authentication because, using various unfair tactics (social engineering, persuasion, bribery, etc.), criminals can obtain a new SIM card with the victim's number at a mobile store and start receiving SMS messages instead of the true user.
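The 30-second codes come from the TOTP algorithm (RFC 6238) that Google Authenticator implements: the app and the server compute the code from a shared secret and the clock, so nothing travels over SMS for a swapped SIM to receive. The following is an added example, not Binance's or Google's code; the secret is the RFC 6238 test key, and the drift window and replay check are assumptions about a typical server-side verifier.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30      # seconds per code, as described above
DIGITS = 6     # code length shown by authenticator apps

# Constructed demo secret (the RFC 6238 test key), never a real account secret.
SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, at):
    """Code for the 30-second step containing Unix time `at` (HMAC-SHA1)."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int(at) // STEP
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32, submitted, at, window=1, last_used=None):
    """Return the matched step counter, or None if the code is rejected.

    window    -- steps of clock drift tolerated on either side (assumption)
    last_used -- counter of the last accepted code; blocks replay (assumption)
    """
    current = int(at) // STEP
    matched = None
    for counter in range(current - window, current + window + 1):
        if last_used is not None and counter <= last_used:
            continue                             # already spent, or older
        expected = totp(secret_b32, counter * STEP)
        if hmac.compare_digest(expected, submitted):
            matched = counter
    return matched


if __name__ == "__main__":
    code = totp(SECRET_B32, 59)
    print("code:", code, "accepted at t=75:", verify(SECRET_B32, code, at=75))
    print("replayed:", verify(SECRET_B32, code, at=75, last_used=1))
    print("stale at t=200:", verify(SECRET_B32, code, at=200))
```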

Finally, Binance also provides the management of withdrawal addresses, where you can create a list of trusted addresses (whitelist) for withdrawing your crypto assets. This prevents withdrawals from being made to incorrect addresses. Remember that ensuring the correct address is used for withdrawals is extremely important, as one of the security features of the blockchain protocol is its immutability. That is, once the withdrawal is made, this transaction cannot be undone.

We hope that now you will take the necessary precautions to keep your account and your cryptocurrencies increasingly secure!