Jul 14, 2020
Gemini Becomes First Crypto Exchange to Support Hardware Security Keys on Mobile App
Today, Gemini is excited to become the first crypto exchange to introduce support for hardware security keys across both Android and iOS mobile devices via WebAuthn. Gemini customers can now use USB and near-field communication (NFC) security keys to securely sign into the Gemini Mobile App.
Hardware security keys provide the strongest level of protection when authenticating to your Gemini account by delivering hardware-backed, cryptographic proof of your identity. They ensure that only the holder of the physical hardware key can gain access to an associated account, even if an attacker has compromised your password or successfully executed a SIM-swap attack on your mobile device. This mitigates the risk posed by phishing, person-in-the-middle, and replay attacks that rely on stolen passwords or one-time password (OTP) codes.
To help our customers take advantage of this new offering, we have partnered with Yubico — maker of the popular hardware security key, YubiKey. Along with existing platform authenticators (e.g. TouchID and Windows Hello), YubiKeys provide a secure, cross-platform solution you can use to access your Gemini account via our Mobile App, as well as any other sites that support WebAuthn. You can learn more about our partnership with Yubico on the Works With YubiKey web page.
In order to exclusively rely on hardware security keys and disable Authy/SMS based authentication, you will need to register at least two hardware keys, including one supported by your mobile device. This could include a platform security key such as MacOS TouchID or Windows Hello and a cross-platform hardware security key such as a YubiKey. To learn more about selecting and using the right security keys to access your account, refer to Gemini’s support documentation and instructional video.
Our security and engineering teams continue to prioritize new security features in order to provide the best and most secure user experience possible. We look forward to sharing more exciting security-focused announcements in the coming months. Come join us if you’re passionate about cryptocurrency and blockchain-related security challenges.
Onward and Upward,
Dave Damato, Chief Security Officer