Cryptocurrencies do not have insurance protection like bank deposits, and once your account is hacked, your assets may be unrecoverable. Protecting your Binance account is therefore your top priority. Many people rush to trade after registering on Binance and ignore the security settings entirely, which is very dangerous. The official Binance website offers a comprehensive set of security settings. It is recommended to configure all security options in the official Binance App. Apple users should first check the iOS installation guide to install the app.
Where to Find Binance Security Settings
On the Binance App, click the avatar icon in the top left corner to enter the personal center, and then find the "Security" or "Security Settings" option to see all the security features.
On the web version, hover your mouse over the user icon in the top right corner and click "Security" in the drop-down menu to enter the security settings page.
The security settings page will list all available security features and display the activation status of each. It is recommended that you configure them in order of importance.
Two-Factor Authentication (2FA)
Two-factor authentication is the most basic and important line of defense for account security. Once enabled, logging in or performing sensitive operations will require an additional verification code in addition to entering your password.
Google Authenticator
Google Authenticator is the most recommended 2FA method. It generates a 6-digit verification code every 30 seconds that can only be seen on your phone.
Setup method: Find "Google Authenticator" on the security settings page and click "Enable". Download and install the Google Authenticator app. Use Google Authenticator to scan the QR code displayed by Binance. Enter the verification code to complete the binding.
A very important point is to back up your key. When binding, Binance will display a key string; copy it onto paper and keep it safe. If you lose or break your phone, you can use this key string to restore the authenticator on a new phone.
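Why the backed-up key string is enough to restore codes on a new phone, shown as an added example (not Binance's or Google's code). It assumes the standard RFC 6238 TOTP parameters (HMAC-SHA1, 30-second step, 6 digits); the key is the public RFC 6238 test key, and `PAPER_COPY` and the one-step drift window in `verify` are illustrative assumptions.

```python
import base64
import hashlib
import hmac
import struct

# Public RFC 6238 test key, Base32-encoded the way a setup screen shows it.
# It is NOT a real account key.
RFC_KEY = base64.b32encode(b"12345678901234567890").decode()

# Constructed sample: the same key as someone might copy it onto paper,
# in lowercase and grouped in blocks of four.
PAPER_COPY = " ".join(RFC_KEY[i:i + 4] for i in range(0, len(RFC_KEY), 4)).lower()


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Derive the code for a given time from the shared key (RFC 6238)."""
    # Normalise a hand-copied key: drop separators, uppercase, restore padding.
    cleaned = secret_b32.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    key = base64.b32decode(cleaned)

    counter = unix_time // step  # number of 30-second steps since the epoch
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()

    # Dynamic truncation (RFC 4226): take 31 bits at an offset chosen by the MAC.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, submitted: str, unix_time: int,
           window: int = 1, step: int = 30) -> bool:
    """Server-side check: accept codes within +/- `window` steps of clock drift."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, unix_time + drift * step, step)
        # Constant-time comparison; no early exit on a match.
        ok |= hmac.compare_digest(expected, submitted)
    return ok


if __name__ == "__main__":
    # The code depends only on the key and the clock, not on the device.
    print(totp(RFC_KEY, 59), totp(PAPER_COPY, 59))
```

Because the code is a function of the key and the current time alone, anyone who obtains the written key can also generate valid codes, which is why the paper copy has to be stored as carefully as the phone itself.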
SMS Verification
After binding a phone number, you can perform secondary verification via SMS verification codes. Although convenient, its security is not as good as Google Authenticator due to the risk of SIM card hijacking. It is recommended to use it as an auxiliary verification method, not as the only 2FA.
Email Verification
Bind an email address to send verification codes via email. Similar to SMS verification, use it as an auxiliary method. Ensure that your email itself also has strong security measures enabled.
Hardware Security Keys
Binance supports hardware security keys like YubiKey. This is the 2FA method with the highest security level, but it requires purchasing a specialized hardware device. It is suitable for users with large amounts of funds.
Anti-Phishing Code
An anti-phishing code is a combination of letters or numbers set by you, and all official emails sent to you by Binance thereafter will contain this anti-phishing code.
If you receive an email claiming to be from Binance but it lacks your set anti-phishing code, it is very likely a phishing email. This is a very simple but extremely effective anti-phishing measure.
Setup method: Find the "Anti-Phishing Code" option on the security settings page and click "Enable". Enter the anti-phishing code you want to set (it is recommended to use a combination that is easy for you to remember but hard for others to guess). Confirm the setting.
After setting it up, check every email you receive from Binance to see if it has your anti-phishing code. Remember to regularly change your anti-phishing code to increase security.
Withdrawal Whitelist
After enabling the withdrawal whitelist feature, you can only withdraw cryptocurrencies to pre-set addresses. Even if a hacker logs into your account, they cannot withdraw coins to their own address unless they can modify the whitelist (which requires passing multiple verifications and a cooling-off period).
Setup method: Find the "Withdrawal Whitelist" option on the security settings page and enable it. Add your commonly used withdrawal addresses (your own wallet addresses, deposit addresses of other exchanges, etc.). Adding a new address each time requires verification and has a certain cooling-off period.
By enabling the whitelist, even if someone obtains your login access, they cannot transfer your coins away in a short period of time.
Device Management
Binance will record all devices that have logged into your account. You can view the device list in the security settings and delete unfamiliar or no longer used devices.
Checking the device list regularly is a good habit. If you see an unfamiliar device logged into your account, change your password immediately and check for any abnormal operations.
Specific operation: Find "Device Management" in the security settings and view all authorized devices. Click "Delete" or "Remove" for unrecognized devices. If an abnormal login is found, change your password immediately and contact customer service.
Login Password Security
Set a Strong Password
Your password must be complex enough: at least 12 characters, including uppercase and lowercase letters, numbers, and special characters. Do not use easily guessable information like birthdays, phone numbers, or names. Do not use the same password as you do on other websites.
Change Password Regularly
It is recommended to change your password every 3 to 6 months. Withdrawals will be disabled for 24 hours after modification; this is a Binance security measure.
Use a Password Manager
It is recommended to use password managers like 1Password or Bitwarden to generate and store complex passwords. This way, you don't need to remember the passwords while ensuring that a different strong password is used for every website.
Address Management
In Binance's security settings, you can manage your withdrawal addresses. It is recommended to regularly clean up old addresses that are no longer used and only keep the currently active ones.
Adding a new withdrawal address requires multiple verifications. If you have enabled the withdrawal whitelist, a newly added address will also require a cooling-off period before it can be used.
Always double-check the address carefully before withdrawing. Cryptocurrency transfers are irreversible once confirmed; if the address is wrong, the money cannot be recovered. It is recommended to do a small test transfer before a large transfer.
Account Activity Monitoring
Binance provides account activity logs that record all operations such as logins, withdrawals, and security setting modifications. Regularly checking these logs can help detect abnormal activities in a timely manner.
In the security settings or account activity page, you can view the login history (including IP address and device information), withdrawal records, security setting modification records, etc. If you see operations that you did not perform, change your password immediately and contact Binance customer service.
Recommended Security Settings Checklist
In order of priority, you should complete the following security settings:
First priority (must do): Enable Google Authenticator, set a strong password, and bind your email.
Second priority (strongly recommended): Set an anti-phishing code, enable the withdrawal whitelist, and bind your phone number.
Third priority (recommended to do): Regularly check device management, regularly review account activity logs, and consider using a hardware security key.
Completing these settings takes about 30 minutes, but these 30 minutes could help you save tens or hundreds of thousands in assets. Preparation is the key to success, so security settings must be done properly.
Daily Habits for Secure Operations
Do not log into Binance over public Wi-Fi. Public Wi-Fi is easily monitored, and your login information could be intercepted. If you must use public Wi-Fi, it is recommended to turn on a VPN for an encrypted connection.
Do not log in on untrusted devices. Someone else's computer or phone might have keyloggers or other malware installed.
Do not click on suspicious links. Many phishing attacks steal your login information through spoofed links. Always access Binance from a bookmark or by manually typing the URL.
Frequently Asked Questions
What if I forget Google Authenticator?
If you have backed up the key, you can re-import it on a new phone. If you haven't backed it up, you need to reset Google Authenticator through Binance's account recovery process, which requires submitting identity proof documents and may take a few days.
Why can't I withdraw after changing security settings?
This is a Binance security measure. After sensitive operations such as changing your password or disabling 2FA, the withdrawal function will be temporarily disabled for 24 to 48 hours. This ensures that even if someone gains access to your account, they cannot immediately transfer your funds away.
Is it absolutely safe after enabling all security settings?
There is no absolute security. However, enabling all security settings significantly raises the bar for attackers. Aside from platform settings, your own operational habits are also crucial: do not leak your password, do not click on phishing links, and keep your devices and backup keys safe.
Will Binance call me to ask for a verification code?
No. Binance customer service will never proactively contact you to ask for your password or verification code. If someone calls or messages you asking for this information, it is 100% a scam.
What should I do if I lose my phone?
If you backed up the Google Authenticator key, simply restore it on your new phone. If not, you need to contact Binance customer service to reset your 2FA after identity verification. It is recommended to back up the key in advance and install Google Authenticator on another backup device as well.