Written by: Wang Fuguier

I have seen a lot of thefts recently. It seems that the platform has taken responsibility and paid compensation case by case. However, users themselves should also take the initiative to raise the security level of their accounts. After all, the money is their own. Our ancestors said, "A gentleman does not stand under a dangerous wall." To put it bluntly, this means preventing the risk from materializing in the first place, rather than "mending the fold after the sheep are lost" to reduce the losses once it has occurred. Taking the initiative to avoid risk is the most advanced form of risk management.

No matter how much money you have, you should divide it into at least two parts. If you can keep it on two different platforms, that's best. If you only use one platform, you should at least split it across two accounts.

Do not use simple passwords. This may seem useless and redundant advice, but it is actually the most important. First of all, you must use a combination of uppercase and lowercase letters plus symbols. Many platforms have already made this mandatory, but some still allow passwords without mixed case or symbols. It is recommended that you set a sufficiently strong password according to this rule even when logging in to a website, registering an email account, or playing a game.

Do not reuse passwords. You may think that the security level of the trading platform is high enough and your password will not be leaked. However, nowadays you have to register for all kinds of websites and applications, and not all of them provide sound security protection for users. Maybe the password you used to register on an adult movie site is the same one used for all your accounts. If that website does something malicious or has a security problem, won't all your accounts be exposed?

Change your password regularly. Traditional financial institutions are more thorough about this, and their constant reminders are often annoying. But the fact is that traditional finance not only recommends this to users but also requires it of employees logging in to its systems, and previous passwords cannot be used again. You don't know when your password will be obtained, nor when an attack will be launched, so don't be afraid of the trouble: change your password regularly to prevent all this from happening.

Third-party application authorization. Whether it is Twitter, Discord, or other platforms, when connecting to a third party you will often encounter authorization requests. First, read the requested permissions carefully and do not grant excessive permissions. Second, remove third-party authorizations promptly: remove them after use and authorize again next time. Finally, if you must do it, be sure to use a backup account and don't take risks with your main account.

Regularly review login records and check device management. You should promptly remove devices that you did not add and pay attention to logins that you did not make, and you should also remove devices that you no longer use, to avoid risks due to loss, repair, or sale. Do the same in the security options of your mailbox.

Control API permissions. If you don't need the API, don't use it. If you have to use it, strictly control its permissions. It is said that the API in this incident even had permission to withdraw money. You should also check your APIs regularly and promptly delete any high-permission API that you did not set up yourself.

Be sure to enable identity authentication, that is, Google Authenticator (GA). It is also very convenient to use, so there is no reason not to enable it; just raise the security level to the maximum. The victims of this incident seem to have generally not enabled GA. Note that when downloading Authenticator you will come across various knock-off products, so you must check that the developer is Google.

Do not enable cloud sync for Google Authenticator; just click on the small cloud icon in the upper right corner.

Write down your Google Authenticator key by hand, the same way you record your wallet's key and mnemonic phrase. Remember to make several backups, in case you hide one so well that you can't find it yourself.

Isolate Google Authenticator from the trading device: put GA directly on another, offline mobile phone. This device will never be connected to the Internet, so although it is called a mobile phone, it is actually a phone-shaped security code device.
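Why a handwritten key and a phone that never goes online both work: the six-digit code is computed only from the key and the clock (TOTP, RFC 6238). The sketch below is an added example, not part of the original article; it assumes the common defaults (SHA-1, 30-second step, 6 digits) and uses the RFC's published test key rather than a real secret, and `accepted_offset` with its one-step window is a hypothetical model of the server-side check.

```python
import base64
import hashlib
import hmac
import struct

# RFC 6238 published test key (ASCII "12345678901234567890"), not a real secret.
RFC_TEST_KEY_B32 = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, unix_time, step=30, digits=6):
    """Code an authenticator app displays for this key at this moment."""
    # A handwritten key is usually copied in groups, sometimes in lowercase.
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)          # restore base32 padding
    key = base64.b32decode(cleaned)
    counter = int(unix_time) // step              # 30-second time slot
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def accepted_offset(secret_b32, code, server_time, window=1, step=30):
    """Hypothetical server check: which neighbouring slot the code matches.

    Returns the slot offset (-window..window) or None if the code is rejected.
    """
    for offset in range(-window, window + 1):
        expected = totp(secret_b32, server_time + offset * step, step)
        if hmac.compare_digest(expected, code):
            return offset
    return None


if __name__ == "__main__":
    now = 1111111109  # constructed timestamp, also used in RFC 6238
    paper_backup = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"  # same key, as written down
    print("offline phone :", totp(RFC_TEST_KEY_B32, now))
    print("paper backup  :", totp(paper_backup, now))
    # An offline phone never syncs its clock, so it slowly drifts.
    for drift in (0, 40, 100):
        code = totp(RFC_TEST_KEY_B32, now - drift)
        print(f"clock {drift:>3}s slow ->", accepted_offset(RFC_TEST_KEY_B32, code, now))
```

Anyone who holds the key can produce valid codes, which is why the key deserves the same care as a mnemonic phrase. If codes from the offline phone start being rejected, check its clock before anything else.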

Isolate the devices that hold your email and your mobile phone number. If possible, try to distribute them across multiple devices. Don't think of it as troublesome. Isolating devices won't add much cost, because an iPhone 10 now costs less than 1,000 yuan.

Keep a low profile! This is very important. Unless necessary, do not let anyone around you know that you are trading cryptocurrencies.