Return to blog home

Inicio del blog


COMPANY

MAY 15, 2019

Securing your Gemini Account with WebAuthn

link
011 Securing your Gemini Account

Protecting your crypto is a cornerstone of our mission to build the future of money. We have operated from day one with a security-first mentality and have focused on providing our customers with layered security features to help them protect their Gemini accounts. Simply put, trust is our product.

Today, we’re excited to raise the bar even higher by introducing support for hardware security keys via WebAuthn (“Web Authentication”). You can now use USB security keys (e.g., Yubikeys, Feitian keys, Trezor and Ledger hardware wallets, etc.), MacOS TouchID, and even Windows Hello as your two-factor authentication (2FA) method when signing in to your Gemini account. Gemini is the world’s first crypto exchange and custodian to support the WebAuthn security protocol.

Using hardware security keys via WebAuthn to secure your Gemini account provides hardware-backed, cryptographic proof that it is you (and not someone else) signing in to your Gemini account — this prevents someone else from signing into your Gemini account even if they have your password. Using hardware security keys via WebAuthn also ensures that you only submit your two-factor credentials to the actual Gemini website and not a malicious website pretending to be the Gemini website.

Advanced Security Protection

Recently, we published a blog post outlining best practices for securing your Gemini account. We encourage you to read it if you have not already done so.

We’ve added many layers of security throughout the years to help you keep your digital assets safe. Since our launch in 2015, we have always required 2FA for all account sign ins; this has never been an opt-in security feature. We use the Authy app for 2FA, which either generates a secure 7-digit code on your mobile device or sends a code via SMS (Note: We encourage you use the Authy app for 2FA rather than SMS). This code is required when signing in to your Gemini account and when performing high-risk actions, like withdrawing your crypto.

But even with 2FA enabled via Authy, an attacker can stand up a website that looks just like Gemini, and ask for your username, password, and 2FA codes. Once divulged, your credentials can be used to access your Gemini account and ultimately withdraw your crypto. To mitigate this risk, we require additional email verification when you sign in from a new device. We also added support for Authy Push last year, which means that customers who have the Authy app installed will automatically receive a push notification that contains transaction details and requires confirmation every time they make a crypto withdrawal attempt. Furthermore, Authy Push will surface inconsistencies in a withdrawal in the event your computer is infected with malware.

Two weeks ago, we released a self-service tool called Withdrawal Address Whitelisting. When enabled, your crypto may only be withdrawn from your Gemini account to specific crypto addresses (submitted and approved by you).

Securing your Gemini Account with WebAuthn

You can register hardware security keys by going to your account security settings page (you must be logged in). If you have more than one hardware security key, you may register multiple keys for added redundancy. When you register multiple hardware security keys, we’ll give you the option to exclusively use your hardware security keys for signing in to your Gemini account, which will disable 2FA codes sent via Authy or SMS. Withdrawals will continue to require Authy Push notification (or an SMS code) to confirm.

Authy Push, Whitelisting, and today’s announcement of WebAuthn, give you the advanced tools you need to secure your Gemini account. We will continue to strive to be the most secure place for you to buy, sell, and store your crypto today and tomorrow.

Onward and Upward,

Team Gemini

ARTÍCULOS RELACIONADOS

EU Travel Rules

INDUSTRY

DEC 30, 2024

Gemini’s Commitment to the EU Market and Compliance with the EU Travel Rule

12202024 CHILLGUY gemini blog 1280x720 (1)

COMPANY

DEC 23, 2024

Just A Chill Guy is Now Available on Gemini

Gemini Derivatives Update (Generic)

DERIVATIVES

DEC 20, 2024

Delisting of the MATIC/GUSD Perpetual Contract on Gemini’s Non-US Crypto Derivatives Platform

MÁS DE TEAM GEMINI

Ver todo

EU Travel Rules

INDUSTRY

DEC 30, 2024

Gemini’s Commitment to the EU Market and Compliance with the EU Travel Rule

12202024 CHILLGUY gemini blog 1280x720 (1)

COMPANY

DEC 23, 2024

Just A Chill Guy is Now Available on Gemini

121924 Blog Cover

WEEKLY MARKET UPDATE

DEC 19, 2024

Federal Reserve Cuts Rates, but Bitcoin Pulls Back Below $100K After Powell's Comments on BTC Reserve

Una manera simple y segura de comprar y vender criptomonedas

Opera con bitcoin y con otras criptomonedas en 3 minutos.