Account and security

Bitget Account security best practices

2024-12-12 03:0901325

NOTICE:

Protecting the security of your Bitget account is a shared responsibility. While Bitget always prioritizes user security and implements robust, up-to-date security measures, users should also cultivate good security practices when accessing their accounts.

To safeguard your Bitget account and enable safe transactions, please follow these recommendations.

1. Always use two-factor authentication (2FA)

1.1 What is two-factor authentication (2FA)?

Two-factor authentication (2FA) is a security process requiring two different authentication factors to verify your identity These factors can include Password, SMS, Google Authenticator, Passkey, or a combinations of factors. This dual-factor approach enhances account security and reliability.

1.2 What two-factor authentication methods are supported?

We currently offer three 2FA options: SMS, Google Authenticator, and Passkey. These can be configured in the Security section of the Bitget app or website.

Bitget Account security best practices image 0

We strongly recommend using Google Authenticator and Passkey. While SMS is convenient, it may expose your information to risks like SIM card hijacking or unauthorized app access to SMS content.

1.3 How to set up Google Authenticator

1) Download and install the Google Authenticator app:

  • For iOS users: Search for "Authenticator" in the App Store.
  • For Android users: Search for "Google Authenticator" in your app store or mobile browser.

2) Navigate to Security, click Configure, and follow the instructions to complete the setup.

Bitget Account security best practices image 1

We recommend that you back up and securely store your Google Authenticator key offline, so you can recover it in case the Google Authenticator app becomes unavailable.

Bitget Account security best practices image 2

Note: The new version of Google Authenticator supports cloud synchronization. We do not recommend enabling the cloud synchronization feature due to potential risks of key leakage.

Bitget Account security best practices image 3

1.4 How to set up Passkey

1) Website: Log in to https://www.bitget.com/.

Mobile: Download and install the latest version of the Bitget app.

Due to browser, operating system, and hardware limitations, we cannot guarantee successful Passkey setup and usage on all devices. We recommend completing these steps on a mobile device running iOS 16 or Android 9 or later.

2) Before setting up Passkey, ensure you have already set up Google Authenticator.
Bitget Account security best practices image 4

3) Click Configure. Follow the instructions to bind your Passkey.

Bitget Account security best practices image 5

Review and agree to the security verification agreement.

Bitget Account security best practices image 6
Select your preferred verification method and complete the process. Bitget Account security best practices image 7

Note:

Google Authenticator is required when setting up Passkey.

If Fund code has been set up and enabled, you will need to verify it again.

Bitget Account security best practices image 8

The same instructions apply for mobile devices.

Bitget Account security best practices image 9 Bitget Account security best practices image 10

When adding Passkey, you can select from various types of security keys. For external security keys (e.g., YubiKey), insert the device and follow the prompts to complete verification by touching the YubiKey.

Bitget Account security best practices image 11 Bitget Account security best practices image 12

2. Set up Fund code and PIN code

2.1 What are Fund code and PIN code?

Fund code: A passcode set by the user, used for confirmation during actions like setting up 2FA, modifying 2FA, and making withdrawals.

PIN Code: A passcode set by the user, used for confirmation in trading scenarios such as spot trading and Bitget Pay.

Bitget Account security best practices image 13

2.2 How to set up Fund code

Navigate to your user profile > Security > Fund Code and follow the prompts to set up your Fund code.

Bitget Account security best practices image 14

2.3 How to set up a PIN code

Navigate to your user profile > Security > PIN Code and follow the prompts to set up your PIN code.

Bitget Account security best practices image 15

Note: Google Authenticator is required when setting up the PIN code.

Notice: After setting the PIN code, it will not be immediately activated for transactions. To enable it for verification in spot trading, manually toggle the switch in Trade > More (...) > Set PIN Code.


Bitget Account security best practices image 16

3. Set up anti-phishing code

3.1 What is an anti-phishing code?

The anti-phishing code is a security feature provided by Bitget to help users identify phishing websites. Once enabled, all official emails and SMS messages (excluding SMS verification codes) from Bitget will include this code. Phishing emails and SMS messages will not include the anti-phishing code, making it easier for users to verify if the communication is from Bitget's official channels.

3.2 How to set up an anti-phishing code

Navigate to your user profile > Security > Anti-Phishing Code and follow the prompts to set up your anti-phishing code.

For more information about anti-phishing codes, visit the following link


4. Enable cross-device withdrawal verification and cancel withdrawals

4.1 What is cross-device withdrawal verification and cancel withdrawals

Cross-device withdrawal verification is a security feature designed to prevent unauthorized changes to your withdrawal address caused by traffic hijacking when performing withdrawals on the website. To enable this feature, you must confirm your withdrawal address on the Bitget mobile app by scanning a QR code. Only after this confirmation will the withdrawal request be approved.

The Cancel Withdrawals toggle is enabled by default. When enabled, it allows you to cancel withdrawal requests within 1 minute of initiating them.

4.2 How to enable cross-device withdrawal verification

Note: This feature can only be enabled or disabled in the latest version of the Bitget app. Ensure you have updated to the latest version before proceeding.

Navigate to User Center > Security > Withdrawal Settings and enable cross-device withdrawal toggle.

Bitget Account security best practices image 17 Bitget Account security best practices image 18

5. Regularly review devices with access to your account

To view the devices you've logged in from, click on your avatar > Security > Trusted Device Management.

Bitget Account security best practices image 19

Regularly review the list of devices with access to your account. If you notice any unfamiliar or unused devices, remove them immediately.

Bitget Account security best practices image 20

6. Maintain good account usage habits

6.1 Use strong passwords and change them regularly

Choose complex passwords that include a mix of letters, numbers, and symbols:

  • Use long passwords: At least 12 to 16 characters.
  • Include various character types: Combine uppercase and lowercase letters, numbers, and special symbols.
  • Avoid common words: Steer clear of easily guessable words or sequences.
  • Use passphrases: Consider using a string of random words or a memorable sentence.
  • Avoid reusing passwords: Ensure each account has a unique password.

Regularly change passwords:

  • Change your passwords regularly to reduce long-term exposure risks.

6.2 Ensure your internet connection is secure

This includes your Internet Service Provider (ISP) and any software services you use. Avoid using public Wi-Fi or shared networks whenever possible, as they pose risks of data interception by attackers. If you must use public Wi-Fi for transactions, check your browser to ensure the connection is secure.

If the connection is insecure, avoid entering your account credentials and switch to a secure device or network immediately.

6.3 When logging in via QR code, ensure the website matches the login address

When logging in via QR code, ensure that the login URL matches the address in your browser's address bar. Additionally, verify the IP address, login location, and device information.

Bitget Account security best practices image 21 Bitget Account security best practices image 22

6.4 Enable facial recognition and set the app's auto-lock time

If you use your phone for 2FA authentication or other sensitive activities, it is essential to protect your device. Enable facial recognition in the app and set the auto-lock timer based on your preferences when the Bitget app is closed for a period of time and reopened, facial verification will be required.

Bitget Account security best practices image 23

Notice: Facial recognition and passkeys are independent features and unrelated to each other.

6.5 Install antivirus software

Install reliable antivirus software to protect all your devices. Regularly scan your system and files, block common threats such as viruses and malware, and fix system and application vulnerabilities. Ensure your antivirus software is always up to date to guard against the latest cyber threats.

6.6 Download software from trusted sources

Always download applications and programs from trusted official sources, and avoid clicking on links or installing software shared by unknown or untrusted individuals. Cybercriminals often aim to trick users into downloading malware, which can create a "backdoor" on your device. Malware may disguise itself as an application, such as popular games or apps for traffic or weather updates, or it may be hidden on malicious websites attempting to install it without your consent.

Malware can harm your device by disrupting the way it operates, stealing personal data, or granting unauthorized access. While malware often requires user action, some websites engage in "drive-by downloads," which attempt to install software on your computer without permission. When visiting a new website or downloading content to your content, always ensure that it comes from trusted or official sources. Regularly review your download folder, and immediately delete any unknown files that may have been installed unintentionally through drive-by downloads.

For added security, consider using a dedicated device exclusively for sensitive or confidential accounts.

6.7 Protect personal information and avoid phishing and social engineering attacks

The people you interact with online may not always be who they claim to be. In fact, they may not even exist. Creating fake profiles on social media is a common tactic hackers use to deceive unsuspecting users and steal their personal data. Exercise the same caution in online interactions as you do in real life.

Be aware that any comments or images you post online may remain accessible forever, even if you delete the original copy. Therefore, avoid sharing personal information online, as this could be exploited by hackers conducting phishing or social engineering attacks.

Always verify the emails you receive and the websites you log into. Many successful attacks involve fake websites, emails, or messages from services where you have accounts. Malicious browser extensions and applications are often used to compromise accounts or wallets.

When you install browser extensions or applications, they may gain full access to your browser or device, potentially enabling unauthorized access to your online accounts, including trading accounts and personal wallets.

Choose browser extensions and applications carefully, especially those related to cryptocurrency or claiming to enhance crypto security. Stick to well-known, reputable options, and remain vigilant about potential security risks.

Make it a habit to verify the URLs of websites you visit and the sources of emails you receive.

6.8 Regularly follow Bitget's official announcements for the latest security updates

Stay updated with our latest security updates through Bitget's official website and the Bitget app.

You can also keep up with Bitget's latest developments on platforms such as Telegram, X, Instagram, YouTube, TikTok, and Facebook.

If you're unsure about the authenticity of a publisher, you can verify its identity through Bitget's official verification channel.

Bitget Account security best practices image 24