Keeping your account secure is very important and there are some simple steps that can be taken to help keep your account safe. The information below includes tip and information that will help you keep your account secure.
Avoid Being Phished
- Manually type https://www.bittrex.com into your browser
- Never click links from unknown sources, it is always preferreble to manually visit the site by typing the URL into your browser.
- Never use a search engine to locate Bittrex, search engines sell advertisements which may be placed by hackers to trick you into entering your information into a fake site that looks like Bittrex
Secure your account
- Enable Two-Factor Authentication on your Bittrex and Email Accounts
- Avoid SMS two factor where possible, Google Authenticator is a better option if available
- Use a unique complex passwords for your accounts
Take steps to secure your phone
- Ask your phone provider about their security options, for example, disable allowing account changes over the phone or have your phone number locked to your SIM card. Some phone companies will allow you to set a password/PIN on your account that must be provided before making changes online, over the phone, or in person. If you have this option, use it.
- Avoid installing unknown software on your phone. Unknown software may include malicious software created to steal your information.
Gmail, Yahoo and other email services
- Disable password recovery via SMS/phone service. Disable all password recovery options for maximum security. Watch this video to see how easily your account is compromised with SMS recovery (ignore the phishing part).
- One time use recovery passwords are fine but keep them printed and offline.
- Make sure your stored emails or online shared drive services do NOT contain any extra information such as passwords or social security numbers.
- Use different email addresses where possible. This limits the ability for hackers to run their automated “Forgot my password” links.
- Configure two-factor where available
- Make note of which online services use SMS as a 2FA method. Assume these can be compromised despite your best efforts.
- Make note of which online services do not allow you to change your email address.
In the event of a hack
- Disable your account - You will receive a logon notification email. This email includes a link to immediately disable your account.
- Open a support ticket with as much detail as you can provide.
- In the event funds were stolen you can file a FBI report. They have resources to co-ordinate and investigate these reports. Bittrex can provide logon history information for your account upon request.