Two Factor Authentication (2FA)
2FA ensures that even if an attacker manages to guess or steal your password, he cannot access your accounts without being in possession of the second form of authentication as well, making the password alone useless.
It is extremely important to have two factor authentication (2FA) turned on for all your important accounts, and your crypto exchange is right there at the top, along with your stock exchange account, your bank account (usually requires a certificate or OTP by default, which serve as 2FA), your email account and your Google account, to just name a few.
Our favorite form of 2FA is definitely a physical authentication device such as Yubikey. It is phishing resistant unlike TOTP/Google Authenticator and it is much harder to compromise than SMS/Voice call methods, if not impossible. If you however do not wish to get the said device and would prefer a free solution, then a phone app such as Google Authenticator, or authentication code by SMS will do as well (though SMS has been proven to be less secure than the aforementioned options). Some exchanges also offer sending a 2FA code by email, but if your email account has been compromised along with your computer and potentially your password, then that might not be the best option (in fact, it would be pretty bad).
Two factor authentication devices and applications:
- Yubikey (best and phishing resistant)
- Authenticator app on your mobile phone (good, but not phishing resistant)
- 2FA code sent to your mobile phone number over SMS (generally adequate, but is not phishing resistant and can potentially be compromised by an experienced attacker)
- 2FA code sent to your email address (least good and not phishing resistant, would advise against it)
Any and all options mentioned above, even the “bad ones”, are better than only using a password.