Your SMS is there, your **email\*** is there, your Google Authenticator is there.
So the best thing would be, in the first place, to take care of your phone. Don’t leave it unsupervised among people you don’t know. Don’t log into exchanges in crowded places (bus / bus station / concerts etc.).
Use biometric authentication – it can be bypassed, but 99% of people don’t know how to do it. On the other hand, 100% of people can unlock your phone if they saw you entering your password.
Don’t use exchanges on your phone. I know you like to check your portfolio every 10 minutes, but don’t.
Don’t invest more than you can afford to lose.
Don’t keep your crypto on exchanges.
\*This is important because if someone has access to your email they can also use the magic “forgot my password” button.
35 thoughts on “Keep in mind: If someone has your phone it also has your 2FA.”
Best advice I received here was: keep your old phone for Google authenticator.
Glad I have an app locker and you need to know the pass to access it.
It’s not much, but it’s an extra layer of security, and it’s never too much.
For those that don’t know, Google Authenticator can be set up to require a fingerprint if your phone supports it.
Just make sure nobody gets the PIN to your phone, and choose a phone with a TPM/TEE that doesn’t have huge vulnerabilities.
Use Aegis Authenticator and encrypt your 2FA so if your phone gets stolen they can’t access it. Don’t use SMS 2FA because it is susceptible to SIM swapping. As for email, you could put a PIN on your email app. Use a strong password on your crypto wallet if possible.
If someone knows you have a lot of crypto they could crack the TEE and decrypt your phone storage but most thieves just format phones and sell them.
Edit: also if you’re just HODLing then don’t put your crypto wallet on your phone, keep the seed written down on paper or metal or whatever and only enter it on your device when you need to use it.
Get one of those screen protectors that block the screen from all other angles except if it’s in front of your face.
>Don’t use exchanges on your phone
Time to use my calculator then
I don’t have a SIM on my trading phone. It’s only Wi-Fi enabled, in a remote location in the jungles of South America.
Isn’t this a bit too paranoid with all due respect?
Lmao google authenticator.
If you use 2FA, do your due diligence and note that Google still tracks your activity with the authenticator. Authy is somewhat the same, but on a surface level worse because your backup is a phone number. Yeah, so someone can get your phone number and just port over the 2FA keys.
Get a Yubikey or at the very least use something that respects your privacy just a bit more.
I don’t have a YubiKey because there’s not one that fits my needs entirely, so I use Raivo OTP. There are others you can use; just check out [privacyguides.org](privacyguides.org) (they’ve got lots of good recommendations for other things for online usage as well).
It’s fine to secure yourself on crypto, but you’d be a fool if you only take finance based on the internet seriously without taking internet security seriously.
Jokes on them cause I don’t use 2fa
I track my crypto using CoinStats. I do NOT link any wallet to it and set it up manually. This keeps me from looking within exchanges.
Don’t forget to set your phone to delete all the data after 10 failed passcode attempts.
Keep in mind, folks: if someone has your car keys, they also have access to your car.
Loopring Wallet with social recovery and guardians to access its full security potential.
Best solution imho
Lol this post is ridiculous
Biometrics are nowhere near as secure as Hollywood convinced you they are. A robust password is much safer.
Biometric data is stored. Anything stored is hackable. Hackers are clever and get cleverer all the time. Biometric data isn’t especially difficult to hack.
Plus, if you upload any photos of yourself online ever, or go through an airport, or walk down any street with CCTV, you are basically giving your biometric ‘password’ out for free to the entire world.
Do not give your phone number as well.
They can easily copy your SIM and number.
I made this very mistake by trading p2p and using a payment app that used my phone number.
I was blasted by scam messages for the following weeks.
I then added 2fa and auth on binance and email to be safe.
You can also use a separate phone without internet for 2FA, so you get something like a cold smartphone. In any case Pegasus spyware can easily hack any phone and get full access, but if you are a regular person, you shouldn’t bother.
I’m completely safe from getting my 2FA hacked or compromised. I don’t use 2FA. Problem solved…….oh wait
A lot of people underestimate how fucked they will be if they lose their phone or it is stolen. I treat my phone as if it were the most valuable thing in my life. Fortunately I have a fingerprint added and also 2FA written down and synced on an old mobile, just in case.
It honestly blows my mind how many people use their phones with no protection at all for their crypto trading
Not me, because YubiKey.
Depends on how you set it up. In my case they would need to get past two layers of security to access Google Authenticator, and know where to look for it in the first place.
What happens if you don’t have your 2FA? Can you recover your account with ID, email and password?
Invest in a YubiKey.
YubiKey is the way.
Yea and don’t let them know your PIN-code as well, for example, I don’t tell anyone that my PIN-code is 69420.
If you guys are this worried about security, why not get a YubiKey? Or just put it on a Ledger and get it off the exchange altogether.
So if you have more than a couple of dollars, you should really look into hardware tokens, or at worst an iPod touch that you keep at home.
For most people this won’t matter, but for anyone with significant money, there’s absolutely no reason you need to make impulse decisions while you’re on the go that you couldn’t make at home where you can take a second to be sure, which means your authentication shouldn’t really be on your phone.
That said, it’s kind of a big effort to crack a passcode on a mobile device these days, so even if your phone gets stolen if someone wanted to crack it they’d probably just kidnap you and make you unlock it before they’d try to decrypt it or anything like that. Which is why you sorta probably would be better off not having the keys to everything on you at all times.
That just dawned on me two days ago as I was setting up yet another account
For people who think fingerprints are secure, watch the Kraken video where they show how trivial it is to lift and recreate your fingerprint with wood glue.
If you keep crypto on exchanges then it’s time for a YubiKey.
” I know you like to check your portfolio every 10 minutes, but don’t.”
10 minutes is for beginners, we prefer 5 minutes maximum
Turn off the notification stuff.
Yubikey Authenticator is an option for smartphones. The hacker needs the YubiKey as well.
Many, many people don’t seem to realise the fact that you can add a passcode to the Google Authenticator app itself. I’d highly suggest setting it up now if you haven’t already.
Oh yeah, and go to export accounts, screenshot the QR codes, and back that shit up somewhere ASAP. Make note of the date you backed it up too so you know how up to date this export is of your keys. This is such a lifesaver if you lose your phone for whatever reason
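The title of the post and the export/backup advice in the last comment rest on the same fact: a TOTP code is a deterministic function of the shared secret and the clock, so every copy of the secret (the phone, an old phone kept at home, a screenshot of the export QR code) produces exactly the same six digits at the same moment. The following is an added example, not code from the post or from any commenter: a stdlib-only Python implementation of HOTP (RFC 4226) and TOTP (RFC 6238) that checks itself against the SHA-1 test vectors published in RFC 6238 Appendix B. The demo base32 secret, the `verify()` helper and its one-step skew window are constructed for illustration and are not from the thread.

```python
"""
TOTP from scratch, to show why "someone has your phone = someone has your 2FA":
the one-time code is a pure function of (shared secret, current time).
Added example for this thread; standard library only.
"""
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC(secret, counter) -> dynamic truncation -> zero-padded digits."""
    msg = struct.pack(">Q", counter)                  # 8-byte big-endian counter
    mac = hmac.new(secret, msg, algo).digest()
    offset = mac[-1] & 0x0F                            # low nibble of last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, unix_time // step, digits, algo)


def totp_from_base32(b32_secret: str, unix_time=None, **kw) -> str:
    """What an authenticator app does with the secret taken from an otpauth:// QR code.
    Secrets in QR codes are base32 and often unpadded, so padding is restored first."""
    cleaned = b32_secret.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    secret = base64.b32decode(cleaned)
    if unix_time is None:
        unix_time = int(time.time())
    return totp(secret, unix_time, **kw)


def verify(b32_secret: str, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Server-side check (assumed design, not from the thread): accept the current
    30-second step and +/- `window` neighbouring steps to tolerate clock skew.
    Constant-time comparison so timing does not leak how many digits matched."""
    for skew in range(-window, window + 1):
        expected = totp_from_base32(b32_secret, unix_time + 30 * skew)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


# Seed used by RFC 6238 Appendix B for the SHA-1 vectors (raw ASCII, not base32).
RFC6238_SEED = b"12345678901234567890"


def rfc6238_vectors() -> dict:
    """Eight-digit SHA-1 codes at the test times listed in RFC 6238 Appendix B."""
    times = (59, 1111111109, 1111111111, 1234567890, 2000000000, 20000000000)
    return {t: totp(RFC6238_SEED, t, digits=8) for t in times}


def two_devices_agree(b32_secret: str, unix_time: int) -> bool:
    """The thread's point: an old phone, a thief holding the unlocked phone, or a
    screenshot of the export QR all hold the same secret and so compute the same code."""
    original_phone = totp_from_base32(b32_secret, unix_time)
    second_copy = totp_from_base32(b32_secret, unix_time)
    return original_phone == second_copy


if __name__ == "__main__":
    demo_secret = "JBSWY3DPEHPK3PXP"   # constructed demo secret, not a real account
    now = int(time.time())
    print("code right now:", totp_from_base32(demo_secret, now))
    print("same secret on a second device gives the same code:", two_devices_agree(demo_secret, now))
    for t, code in rfc6238_vectors().items():
        print(f"RFC 6238 T={t}: {code}")
```

Two practical consequences follow from the code: the secret is the whole credential, so an exported QR screenshot deserves the same protection as the seed phrase in the comments above (encrypted, offline); and because the server tolerates a skew window, a code read off an unlocked screen stays valid for up to a minute or so, not just for the seconds left on the countdown.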