How to secure your account (MFA)

You can reduce your risk of lost funds and data with a few simple practices.
You must enable MFA before connecting your exchange accounts to Cryptowatch.
This guide will show you how to use Multi-factor Authentication (MFA) to secure your Cryptowatch account. Below are also some general security guidelines that you can apply to any online services you use.

Using Multi-factor Authentication (MFA, or 2FA)

Multi-factor authentication is a security practice that requires an additional "factor" to login. The first factor is typically your account's password — the second could be a code from a mobile phone or a dedicated hardware device.
Cryptowatch supports two forms of multi-factor authentication: TOTP (Mobile device) and U2F (Yubikey or similar).

Mobile Device (TOTP)

TOTP authentication uses your mobile device to generate a new, multi-digit code at regular intervals. This makes regular login attacks impossible unless the attacker has access to your mobile device. Be aware of phishing sites. A fake login page can trick you into providing the attacker with your MFA code while it is still valid.
Setting up TOTP authentication is simple. Follow the steps on the Security page of your account to set up in a few minutes. You will need an iOS, Android, or similar device. Cryptowatch users are provided with recovery codes when setting up TOTP.

Hardware Device (U2F)

U2F authentication uses a dedicated hardware device (i.e. Yubikey) to generate and validate a challenge-response in real time when you make a login attempt. This makes regular login attacks impossible unless the attacker has your physical hardware device.
Setting up U2F authentication is simple. First, you will need a Yubikey or similar hardware device. Then, follow the steps on the Security page of your account by clicking "Add new security key."
If you use U2F authentication and have lost access, please contact support.

General Security Guidelines

Many of the common hacks that target crypto traders and investors are simple to counter with some basic security practices.

Here are a few tips:

Use unique, long passwords for every online service
An easy way to generate long random passwords is to come up with 5-6 words and connect them with random numbers and symbols.
Do not use SMS text messages as an MFA/2FA method.
There are many well-documented examples of hackers gaining control of a cell phone number and using it to access the owner's bank accounts and crypto exchanges.
Save and safely store your recovery codes
When using TOTP (mobile device) and U2F (hardware key), you are often given recovery codes for regaining access to your account if you lose either device.
Ensure your email accounts are very secure
You use your email to reset your password and recover your account for many other services. So, if an attacker gains access to your email account, it's much easier for them to access your other accounts.