Highly secure accounts on Ethfinex rely in part on how serious the individual account holder treats his or her own personal security. Users can avoid becoming a victim of compromise by following a few best practices when securing their accounts.
At a minimum, make sure to set your password to a strong, unique password and make sure that your email account is protected by 2FA. These simple security measures alone can make your Ethfinex account quite safe; however, we provide a large number of additional security measures that users can enable to further increase their account security.
Employ any of the 2FA options we offer on your Ethfinex account. You must make a copy of the 2FA secret, or print a copy of the QR code provided during 2FA setup and store it in a safe and secure location, before deleting any digital copy after printing. You should NOT store a copy of the 2FA secret in an insecure location (e.g. cloud storage, email account).
A few additional security measures can significantly decrease the risk of account compromise. For example, IP whitelisting and/or withdrawal address locking. When an account has an IP whitelist, only logins from IPs noted in the whitelist will be permitted access to the account. When an account has specific withdrawal addresses locked, only withdrawals these addresses will be permitted.
Never use a rooted/jailbroken smartphone. Always connect to your account via well-protected, trusted network connections - not free, public services. Disable WPS if you have that enabled on your wireless network. Use WPA2 for wireless security. Never use WEP for wireless security.
Always use updated antivirus and malware protection to routinely scan your computers and mobile devices. Never open emails, attachments, or files of any kind from untrusted sources.
What if I lose access to my 2FA or whitelisted IP addresses?
If for any reason you lose the ability to access your 2FA or Whitelisted IP addresses, we can disable them for you when presented with ID confirmation. This would take the form of a photograph of yourself holding your ID/passport and a note with reference to Ethfinex, the current date and your signature.
Can I unlock my locked withdrawals addresses?
Yes. As an automated security measure, a 5-day withdrawal hold will be placed on the account. During this period no withdrawals will be processed. We are able to bypass this hold only after ID confirmation, which follows the same procedure as above.
If you stick to these general security guidelines your funds are safe in your Ethfinex account.