Highly secure accounts on Ethfinex rely in part on how serious the individual account holder treats his or her own personal security. Users can avoid becoming a victim of compromise by following a few best practices when securing their accounts.
At a minimum, make sure to set your password to a strong, unique password and make sure that your email account is protected by 2FA. These simple security measures alone can make your Ethfinex account quite safe; however, we provide a large number of additional security measures that users can enable to further increase their account security.
Employ any of the 2FA options we offer on your Ethfinex account. You must make a copy of the 2FA secret, or print a copy of the QR code provided during 2FA setup and store it in a safe and secure location, before deleting any digital copy after printing. You should NOT store a copy of the 2FA secret in an insecure location (e.g. cloud storage, email account).
A few additional security measures can significantly decrease the risk of account compromise. For example, IP whitelisting and/or withdrawal address locking. When an account has an IP whitelist, only logins from IPs noted in the whitelist will be permitted access to the account. When an account has specific withdrawal addresses locked, only withdrawals these addresses will be permitted.
Device/ Connection Security
Never use a rooted smartphone. Always connect to your account using only well-protected, trusted network connections - not free, public services. Disable WPS if you have that enabled on your wireless network. Use WPA2 for wireless security. Never use WEP for wireless security.
Always use updated antivirus and malware protection to routinely scan your computers and mobile devices. Never open emails, attachments, or files of any kind from untrusted sources.
What if I lose access to my 2FA or whitelisted IP addresses?
If for any reason you lose the ability to access your 2FA or Whitelisted IP address/es, we can disable them for you only after providing us with ID confirmation. In this instance, a photograph of yourself holding your ID or Passport and a note with reference to the current date, Bitfinex, and your signature.
Can I unlock my locked withdrawals addresses?
Yes. As an automated security measure, a 5-day withdrawal hold will be placed on the account. During this period no withdrawals will be processed. We are able to bypass this hold only after providing us with a photograph of yourself holding your ID or Passport and a note with reference to the current date, Bitfinex, and your signature.
Store Your Private Key
We strongly advise users to store the private keys of (some of) the BTC addresses used to make deposits to their Ethfinex accounts. In some instances, we may ask you to sign a message using one of these addresses in order to establish that you are the legitimate account holder. Note that this is only possible when using a wallet that supports the option to sign messages; e.g., Electrum or Multibit HD but there are many more.
If up until now you have only used other online cryptocurrency services and you do not have access to any of the private keys for input addresses used to make deposits, you should consider making a transaction through a local wallet next time you wish to make a deposit to your Ethfinex account.
To perform this, withdraw BTC from an online service to a wallet you control the private keys of (noted above), then deposit to Ethfinex. If or when needed, you can open your local wallet and sign a message from the address used to make the deposit to your Ethfinex account.
If you stick to these general security guidelines your funds are safe in your Ethfinex account.
Learn more about security by visiting How Secure is Ethfinex?