As computers, smartphones, and internet usage have exploded across the globe, more and more people are becoming aware of how much they rely on internet-connected devices and systems in their day-to-day lives–and how important it is to protect these digital extensions of their lives. And all too often, we don’t take enough action to protect ourselves online until it’s already too late.
Few people understand the importance of online security more than cryptocurrency users. From crypto’s earliest known theft, when BitcoinTalk user allinvain reported a loss of about $500,000 in BTC in 2011 due to a hacked hard drive, to the 2018 CoinCheck hack when thieves obtained the private keys for $530 million of crypto stored on a “hot” wallet–theft has been an ever-present specter in the cryptocurrency world.
Account Takeovers: When You’re Protected, and When You’re Not
Hacks are a real risk for anyone who conducts part of their life online, but they’re especially threatening to cryptocurrency users. Traditional banks dealing in fiat currency have plenty of drawbacks–but they do offer consumers some vital protections.
For example, U.S. laws cap liability for unauthorized debit or credit card transactions at $50; this may be one reason why criminals are increasingly turning to account takeover scams, in which hackers seize control of bank accounts using stolen login credentials and initiate charges and transfers. But even in these cases, U.S. law protects consumers from liability. Even if the bank itself fails and can’t pay out legitimate customer withdrawals, government-issued FDIC insurance protects up to $250,000 for each account.
Cryptocurrency custodians aren’t legally required to extend any similar consumer protections. And that can make cryptocurrency hacks and thefts particularly devastating to their victims. Not only that, but crypto fraud is on the rise; one study concluded that scammers gained a whopping $1.7 billion from crypto-related cyber-crimes in 2019.
While crypto theft, unfortunately, comes in many forms, one of the most popular is phishing. In 2018, scammers directed users to “spoofed” (legitimate-looking) login pages to wallet provider Blockchain.info using Google Ads campaigns, capturing wallet login info and stealing over $50 million from users. Those crypto transfers can’t be reversed, and victims aren’t legally entitled to any repayment for lost funds from their wallet provider.
The Role of Multi-Factor Authentication
If you’re a crypto user–or anyone with an online presence–then digital security is a must. And one of the most basic and accessible security tools out there is multi-factor authentication (MFA). Two-factor (2F) or multi-factor authentication is hardly a new idea. Putting a debit card into an ATM, for example, is not enough to get your cash–instead, it is often a multi-step process. After all, anyone could have gotten their hands on your debit card–which is why the ATM also needs your PIN. Multi-factor authentication is just a term for any security that makes users confirm their identity in more than one way, which makes stealing that identity far more challenging.
You might encounter multi-factor authentication the most in your day-to-day life when you forget a password. Since usernames and email addresses are easy to guess or find online, your account provider might have you answer security questions, or verify codes sent through texts to your on-record phone numbers.
But MFA isn’t used every time you log into a platform. If you’re just the average device and internet user, then you probably aren’t using MFA frequently. Unfortunately, that makes you vulnerable to account takeover. Account takeovers often begin through successful phishing attempts. And because it only takes one spoofed email or search result click to lose your account information to phishers, even the security-conscious individuals among us can fall prey to phishing. Account information may also wind up in someone else’s hands thanks to data breaches or other malicious behavior.
Multi-factor authentication creates a roadblock for hackers–even after they’ve successfully stolen your login information. That roadblock could be requiring answers to a security question, inputting a code texted to your cell phone number, or even biometric data such as fingerprint scans.
Amplify’s Security Measures
Among the security measures we take at Amplify, our account login process will include support from the Google Authenticator app. That means that when traders log in to Amplify, they’ll need more than just their username and password. They’ll also need a one-time password generated by the app installed on their phone. Because the password is regenerated for every login, it’s impossible to discover it without having access to your personal device. That means that even if your Amplify login credentials are stolen, you’re still protected from account takeover thanks to Google Authenticator.
Is multi-factor authentication enough to entirely protect you online? The answer is no–but it’s a good start. MFA is a vital and user-friendly component of a comprehensive security strategy; that strategy should also include practices such as using different passwords for every account, only using secure wifi connections, and changing passwords regularly. Before getting started with a crypto exchange or wallet, it’s crucial that traders implement robust security measures–and multi-factor authentication is a critical first step.