Security Announcement - Keeping Your Account Secure

Keeping your account secure is very important and there are some simple steps that can be taken to help keep your account safe.  The information below includes tip and information that will help you keep your account secure.

Avoid being phished

  • Manually type https://www.bittrex.com into your browser.
  • Never click on links from unknown sources.
  • Never use a search engine to locate Bittrex. Search engines sell advertisements that may be placed by hackers to trick you into entering your information into a fake site that looks like Bittrex.

Secure your account

  • Enable Two-Factor Authentication on your Bittrex and email accounts.
  • Avoid SMS two factor where possible. Use Google Authenticator or other device-based one time password authentication.
  • Use a unique and complex passwords for all your accounts.

Take steps to secure your phone

  • Ask your phone provider about their security options. For example, disable allowing account changes over the phone or have your phone number locked to your SIM card. Some phone companies will allow you to set a password/PIN on your account that must be provided before making changes online, over the phone, or in person. If you have this option, use it.
  • Avoid installing unknown software on your phone.  Unknown software may include malicious software created to steal your information.

Gmail, Yahoo and other email services

  • Disable password recovery via SMS/phone service. Disable all password recovery options for maximum security. Watch this video to see how easily your account is compromised with SMS recovery.
  • One time use recovery passwords are fine, but keep them printed and offline.
  • Make sure your emails or online storage services do NOT contain any extra information such as passwords or social security numbers.

Online services

  • Use different email addresses where possible. This limits the ability for hackers to use automated  “Forgot my password” links.
  • Configure two-factor authentication on all accounts that provide the functionality.
  • Make note of which online services use SMS as a 2FA method. Assume these can be compromised despite your best efforts.
  • Make note of which online services do not allow you to change your email address.

In the event of a hack

  • Disable your account - You will receive a logon notification email.  This email includes a link to immediately disable your account.
  • Open a support ticket with as much detail as you can provide.
  • In the event funds were stolen, you can file a FBI report. They have resources to co-ordinate and investigate these reports.  Bittrex can provide login history information for your account upon request.

 

Was this article helpful?
3 out of 7 found this helpful
Have more questions? Submit a request