How to secure your account (MFA)
You can reduce your risk of lost funds and data with a few simple practices.
This guide will show you how to use Multi-factor Authentication (MFA) to secure your Cryptowatch account. Below are also some general security guidelines that you can apply to any online services you use.
Multi-factor authentication is a security practice that requires an additional "factor" to login. The first factor is typically your account's password — the second could be a code from a mobile phone or a dedicated hardware device.
Cryptowatch supports two forms of multi-factor authentication: TOTP (Mobile device) and U2F (Yubikey or similar).
TOTP authentication uses your mobile device to generate a new, multi-digit code at regular intervals. This makes regular login attacks impossible unless the attacker has access to your mobile device. Be aware of phishing sites. A fake login page can trick you into providing the attacker with your MFA code while it is still valid.
Setting up TOTP authentication is simple. Follow the steps on the Security page of your account to set up in a few minutes. You will need an iOS, Android, or similar device. Cryptowatch users are provided with recovery codes when setting up TOTP.
U2F authentication uses a dedicated hardware device (i.e. Yubikey) to generate and validate a challenge-response in real time when you make a login attempt. This makes regular login attacks impossible unless the attacker has your physical hardware device.
Many of the common hacks that target crypto traders and investors are simple to counter with some basic security practices.