The first thing you should do when setting up your Bitfinex account is to ensure that you have proper security measures. Securing your Bitfinex account does not require much effort, and a couple of clicks can go a long way in making sure your account remains protected.
Best measures on how to secure a Bitfinex account
1. Enable Two-Factor Authentication
Two-Factor Authentication (2FA) is a security system that requires two separate, distinct forms of identification in order to access an account.
The first thing to do after creating your account on Bitfinex is to make sure that you sign up using a password that is unique to your Bitfinex account and enable two-factor authentication.
Important: As a security measure, 2FA is mandatory for you to access your Bitfinex account features.
What are the best 2FA applications?
We recommend that users use Google 2FA or Universal 2nd Factor (U2F).
Note: If you enable both 2FA methods, U2F takes priority over Google 2FA.
You can also enable Allow Two-Factor Auth Fallback; this enables you to switch between Google 2FA and U2F if you have both of them enabled.
Storing a physical copy of your 2FA backup key will allow you to reset your 2FA in case you lose access to your phone. Take care when storing digital copies of backup keys if you choose to do so.
Enabling 2FA can go a long way in securing your funds and should act as the foundation for any further security configurations.
2. Whitelist withdrawal addresses
Whitelisting a withdrawal address is a security feature that allows cryptocurrency withdrawals to only go to addresses already saved on your account.
Limit withdrawals of each currency to specific whitelisted addresses and disable withdrawals for some currencies altogether to ensure the safety of your account.
For example, if you only trade/hold Bitcoin, whitelist your external Bitcoin address and disable withdrawals for all other addresses.
This will prevent malicious actors from withdrawing your funds (to an address that isn’t yours) should your account be compromised.
Note: You must whitelist or disable withdrawals for all currencies for the security feature to have an effect. For example, if you leave XRP withdrawals open, someone would simply need to exchange all your funds to XRP to bypass restrictions.
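Added example (not Bitfinex code): a simplified model of per-currency withdrawal settings that checks whether any currency is still open and therefore makes the whitelist ineffective. The setting names, data layout and placeholder addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical setting names; the real account settings may be labelled differently.
OPEN, WHITELIST, DISABLED = "open", "whitelist", "disabled"

@dataclass(frozen=True)
class Policy:
    mode: str = OPEN
    addresses: frozenset = frozenset()

def withdrawal_allowed(policies, currency, address):
    """True if this model would let `currency` be withdrawn to `address`."""
    policy = policies.get(currency, Policy())  # an unconfigured currency stays open
    if policy.mode == DISABLED:
        return False
    if policy.mode == WHITELIST:
        return address in policy.addresses
    return True  # open: any destination is accepted

def open_currencies(policies, supported):
    """Currencies that were neither whitelisted nor disabled."""
    return sorted(c for c in supported if policies.get(c, Policy()).mode == OPEN)

def reachable_destinations(policies, supported, candidates):
    """Balances can be exchanged between currencies, so funds can leave
    through every (currency, address) pair that the settings accept."""
    return sorted((c, a) for c in supported for a in candidates
                  if withdrawal_allowed(policies, c, a))

def whitelist_effective(policies, supported):
    return not open_currencies(policies, supported)

# Constructed sample data: placeholder strings, not real wallet addresses.
SUPPORTED = {"BTC", "ETH", "XRP"}
OWN, OTHER = "own-wallet-placeholder", "unsaved-address-placeholder"
PARTIAL = {"BTC": Policy(WHITELIST, frozenset({OWN})), "ETH": Policy(DISABLED)}
COMPLETE = {**PARTIAL, "XRP": Policy(DISABLED)}

if __name__ == "__main__":
    for name, cfg in (("partial", PARTIAL), ("complete", COMPLETE)):
        print(name, "open:", open_currencies(cfg, SUPPORTED),
              "effective:", whitelist_effective(cfg, SUPPORTED))
        print("  reachable:", reachable_destinations(cfg, SUPPORTED, [OWN, OTHER]))
```

With the partial settings the audit reports XRP as open; once XRP is also disabled, the only accepted destination is the saved Bitcoin address.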
3. Whitelist IP addresses
IP whitelisting is when you grant network access only to specific IP addresses.
Specify one or more IP addresses that will be whitelisted. When this feature is enabled, only connections from the whitelisted addresses will be able to access the account, and all connections from non-whitelisted addresses will be refused.
You can provide one or more IP addresses and/or specify an IP range.
Important: You can lock yourself out of your account if you are not careful. Please be sure you are on a static IP address (most people are not) and that you fully understand this feature. If you have a dynamic IP address or need to access the account using multiple devices/locations, we would advise against this feature.
4. Lock withdrawals for new IP addresses
Lock withdrawals for new IP addresses will temporarily disable withdrawals whenever a new IP address is detected. When a previously unused IP address is used, withdrawals will be disabled for 24 hours.
Important: If you have a dynamic IP address, you should not enable this option as it will result in a new withdrawal hold being put in place every time a new IP address is used to access the account.
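Added example (not Bitfinex code): a simplified model of sections 3 and 4, showing how an IP whitelist with ranges is evaluated and why a dynamic IP address keeps restarting the 24-hour withdrawal hold. CIDR notation for ranges, the class and function names, and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

HOLD = timedelta(hours=24)  # hold length stated in the article

def parse_whitelist(entries):
    """Accept single addresses or ranges (CIDR syntax is an assumption)."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def connection_allowed(whitelist, ip):
    """True only if ip falls inside one of the whitelisted networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in whitelist)

class WithdrawalLock:
    """Model: a previously unused IP disables withdrawals for 24 hours."""

    def __init__(self, known_ips=()):
        self.known = set(known_ips)
        self.locked_until = None

    def login(self, ip, when):
        if ip not in self.known:
            self.known.add(ip)
            self.locked_until = when + HOLD  # every new IP restarts the hold

    def can_withdraw(self, when):
        return self.locked_until is None or when >= self.locked_until

def simulate(logins, known_ips=()):
    """Return [(ip, can_withdraw_right_after_login)] for a login sequence."""
    lock = WithdrawalLock(known_ips)
    results = []
    for when, ip in logins:
        lock.login(ip, when)
        results.append((ip, lock.can_withdraw(when)))
    return results

# Constructed sample data: one login per day for three days.
START = datetime(2024, 1, 1, 9, 0)
STATIC = [(START + timedelta(days=d), "203.0.113.7") for d in range(3)]
DYNAMIC = [(START + timedelta(days=d), f"198.51.100.{10 + d}") for d in range(3)]

if __name__ == "__main__":
    wl = parse_whitelist(["203.0.113.7", "192.0.2.0/28"])
    print(connection_allowed(wl, "192.0.2.5"), connection_allowed(wl, "198.51.100.10"))
    print(simulate(STATIC, known_ips={"203.0.113.7"}))
    print(simulate(DYNAMIC, known_ips={"203.0.113.7"}))
```

The static-IP user can withdraw after every login, while the user whose address changes daily is under a hold at every login in the sample.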
5. Set up a withdrawal confirmation phrase
A withdrawal confirmation phrase adds a secret confirmation phrase to the withdrawal confirmation image to ensure that your withdrawal details have not been tampered with or compromised by malware, malicious actors or man-in-the-middle attacks.
This confirmation phrase will appear in your tamper-proof confirmation image when finalizing your withdrawal.
6. Enable ‘Let Session Expire’
Let Session Expire is a feature that lets traders choose between remaining logged in during long trading sessions and allowing the connection to be stopped.
Remaining logged in is helpful if you maintain control of your device, but it can be an unnecessary risk when using a public or shared computer. Enabling this feature will ensure that you are logged out after 10 minutes of inactivity.
What other security measures should I enable?
- We recommend that users store all funds that are not needed for trading or funding in an offline wallet for which they hold full control of the private key;
- Avoid accessing Bitfinex on a rooted (i.e. jailbroken) device or over public Wi-Fi;
- Protect your computer, make sure that your software is up to date and routinely use antivirus and malware protection to scan your devices;
- Type in domains yourself (as opposed to clicking links) or bookmark trusted sites;
- Do not disclose sensitive account information to anyone (including Bitfinex staff), and do not open attachments from suspicious sources.
If you have any inquiries, reach out to Bitfinex Support; we are happy to help!