Highly secure accounts at Bitfinex rely in part upon how serious the individual account holder treats his or her own personal security. Users can avoid becoming a victim of compromise by following a few best practices when securing their accounts.
At a minimum, make sure to set your password to a unique, strong password (not used for any other service) and make sure your email account is protected by 2FA. These simple security measures alone can make your Bitfinex account quite safe; however, we provide a large number of additional security measures that users can enable to significantly increase their personal security.
Employ any of the 2FA options we offer on your Bitfinex account and do NOT store a copy of the 2FA secret in an insecure place such as cloud storage, an email account, a computer's hard disk drive, or mobile phone storage. Either don't make a copy of the 2FA secret or print a copy of the QR code provided during 2FA setup and store it in a safe, then delete any digital copy after printing.
A few additional security measures can significantly decrease the risk of account compromise. For example, IP whitelisting and/or withdrawal address locking. When an account has an IP whitelist, only logins from IPs noted in the whitelist will be permitted access to the account. When an account has specific withdrawal addresses locked, withdrawals to only these addresses will be permitted.
Device/Connection Security
Never use a rooted smartphone. Always connect to your account using only well-protected, trusted network connections - not free, public services. Disable WPS if you have that enabled on your wireless network. Use WPA2 for wireless security. Never use WEP for wireless security.
Always use updated antivirus and malware protection to routinely scan your computers and mobile devices. Never open emails, attachments, or files of any kind from untrusted sources.
What if I lose access to my 2FA or whitelisted IP addresses?
If for any reason you lose the ability to access your 2FA or Whitelisted IP address/es, we can disable them for you only after providing us with ID confirmation. In this instance, a photograph of yourself holding your ID or Passport and a note with reference to the current date, Bitfinex, and your signature.
Can I unlock my locked withdrawals addresses?
Yes. As an automated security measure, a 5-day withdrawal hold will be placed on the account. During this period no withdrawals will be processed. We are able to bypass this hold only after providing us with a photograph of yourself holding your ID or Passport and a note with reference to the current date, Bitfinex, and your signature.
Store Your Private Key
We strongly advise users to store the private keys of (some of) the BTC addresses used to make deposits to their Bitfinex accounts. In some instances, we may ask you to sign a message using one of these addresses in order to establish that you are the legitimate account holder. Note that this is only possible when using a wallet that supports the option to sign messages; e.g., Electrum, Multibit HD, or blockchanin.info, but there are many more.
If up until now you have only used other online cryptocurrency services and you do not have access to any of the private keys for input addresses used to make deposits, you should consider making a transaction through a local wallet next time you wish to make a deposit to your Bitfinex account.
To perform this, withdraw BTC from an online service to a wallet you control the private keys of (noted above), then deposit to Bitfinex. If or when needed, you can open your local wallet and sign a message from the address used to make the Deposit to your Bitfinex account.
If you stick to these general security guidelines your funds are safe in your Bitfinex account.
Learn more about security by visiting How Secure is Bitfinex?