How do I secure my exchange account?

Published on 12 June 2024Updated on 9 Dec 20246 min read307

The security of user funds and assets is the foremost priority on our platform. Not only have we established sophisticated security systems for our internal wallets, but we also provide industry-leading security features and tools for our users.

We have several security features that can help users secure their digital assets on our platform:

  • Login password

  • Email verification

  • Authenticator app

  • Mobile verification

  • Face verification

  • Passkey

  • Anti-phishing code

What am I securing my account from?

Cryptocurrency enables fast, global transactions without central oversight, making it unique and powerful. However, these transactions are final and cannot be reversed, unlike credit card payments. This means if crypto assets are stolen, recovery is almost impossible—making crypto accounts attractive targets for thieves.

Without adequate security, an unauthorized user could steal your funds with no chance of recovery. To protect your assets, we offer advanced security features and encourage vigilance against phishing attacks, which are among the biggest threats to crypto users.

Phishing attacks occur when an attacker pretends to be a trusted source, often using fake URLs, emails, or SMS messages to get you to share sensitive info. They aim to cause panic, using urgent messages like "suspected money laundering" or "account restriction."

Example:

Note: these are real SMS messages our users receive. Phishing attempts may also arrive via email or from other sources.

Attackers often try to cause panic with alarming messages, claiming things like suspected money laundering or account restrictions to get you to share login info. However, their URLs don’t match our official links.

If you get a suspicious message, don’t panic. First, verify it using our Channel Verification tool to check the email, phone number, or URL. Then log in through our official URL and contact OKX Support with a screenshot.

Our security features protect against threats, but it’s essential to stay vigilant. Always ensure you’re on OKX.com before entering sensitive info, and avoid clicking login links in emails or SMS.

The process of setting up these measures starts at sign-up. If you don’t already have an account, you can visit the sign-up page or follow the instructions below.

Learn more about phishing attacks and how you overcome them here.

How do I set up security for my account?

1. Sign up for a new account on OKX

Navigate to our homepage and select Sign up, located in the top right corner.

Along with particulars such as your email address or phone number, you'll also be required to enter a password to secure your account.

The password should be 8–32 characters long, and include a number, a lowercase letter, an uppercase letter and a special character. Once done, select Sign up to proceed.

In the example above, we use an email address to create a new account. After you select Sign up, you'll receive a verification email from us to the address you provided. Check your email for the six-digit verification code, enter it in the required field, and select Continue to complete the registration process.

2. Go to the security settings page

Once you sign in to your account, you can hover over the profile icon at the main menu. A dropdown menu will be displayed, and you can select Security settings to proceed.

We provide a variety of security measures to protect your account. You can review the completed and pending security items under the Security option.

3. Activate security features

Our users can secure their funds by activating the various account security measures shown on the Security option. Currently, there are six security features available to users, with the first two being the use of an account password and the account verification email mentioned above. The other four security features are:

  • Authenticator app

Authenticator apps are free software authenticators that add extra security to online accounts. The most popular example is Google Authenticator, which is widely used to generate time-based, one-time codes. Our users who activate their authenticator are required to provide confirmation codes when withdrawing funds or making changes to the security settings of their accounts.

To activate your authenticator app, you can learn it from here.

  • Mobile verification

The mobile verification feature allows users to receive codes on their mobile devices to confirm fund withdrawals, password changes and changes to other settings.

For more details, you can learn about it here.

  • Face verification

The face verification system enhances user security through precise verification checks, including liveness detection and face comparisons. These measures provide an added layer of safety for account activities and user authenticity.

This step takes place during identity verification and high risk scenarios, where it matches your live image with the one provided for identity verification during your onboarding stage to ensure consistency.

  • Passkey

Enhance your account security by creating a passkey using Face ID or fingerprint recognition. This added layer of protection makes accessing your account safer and more convenient.

For detailed instructions on setting up a passkey, visit here.

  • Anti-phishing code

An anti-phishing code protects users from email phishing attacks — like those described earlier — by helping them authenticate emails sent by us. Select the Anti-phishing Code option under the Advanced Security section on the Security option and create any code of your choice. Once done, select Get code for SMS verification, enter the received code or the one provided by your authenticator app, and select Confirm to proceed.

You can review your anti-phishing code settings on the same page as well.

Your anti-phishing code will appear in all email communications from us, which will assure you of the email’s authenticity.

4. Review your security settings

As you complete the setup for any of the security features discussed above, they're displayed under the Authentication methods and Advanced security on the Security option on the User Center page. You can then review the settings for each feature, change them or turn them on or off, as desired.

Given how digital assets have no central issuing authority, they're vulnerable to hacking and theft. It's recommended that users take all necessary precautions, including using these security features and ensuring that their devices are free from malware and viruses.