Security
Security recommendations
- Two-factor authentication is highly recommended. See the "Two-Factor Authentication" section below.
- Lock withdrawals when a new IP address is used to log into your account in the "Withdrawals" section
- Setup a withdrawal confirmation phrase in "Withdrawals" section
- Lock or disable withdrawal addresses for all currencies in the "Withdrawals" section
- Enable PGP email encryption in "Email Encryption" section
- Disable "Keep Session Alive" if you are using a public computer or prefer to not have a more persistent session.
- Limit access to your account based on IP address in "Session" section
Email Encryption with OpenPGP
Pretty Good Privacy (PGP) is a data encryption and decryption program that provides cryptographic privacy and authentication for data communication. It uses a variation of the public key system. To use PGP with Bitfinex email communication, please provide your PGP public key below. PGP on Wikipedia
Using Two-factor authentication is highly recommended.
Please consider our available options for increasing the security of your account. We want to give you every opportunity to be confident that your account is secure.
If you enable multiple 2FA methods, the precedence goes left to right. U2F takes priority over Token 2FA.
Your current coverage
app for adding token-based 2FA.
- Logins
- Withdrawal Confirmations
- Password Changes
- API Key Creation
- Security Settings Changes
- Sensitive Account Settings Changes
Email Encryption with OpenPGP
Pretty Good Privacy (PGP) is a data encryption and decryption program that provides cryptographic privacy and authentication for data communication. It uses a variation of the public key system. To use PGP with Bitfinex email communication, please provide your PGP public key below. PGP on Wikipedia
Send Email on Login
Receive an email each time someone logs into your account. The email will contain information about the IP of the authenticated user and a link to freeze your account if you suspect malicious activity.
Detect IP Address Change
If the IP address used to access your account changes on any request, all of your sessions will be immediately invalidated and you will be logged out. This prevents session hijacking.
IP Address Whitelist
Limit account access by IP address. You can provide one or more IP addresses and/or specify an IP range.
Login History
Each login to your account is saved and can be audited here.
Withdrawal Addresses Whitelist
For optimum withdrawal security, for each currency you can limit crypto withdrawals to a specifically whitelisted address. Alternatively, if you know you will not be using certain cryptos, you can disable withdrawals for a currency altogether.
IMPORTANT: For optimum security, unlocking or changing a locked withdrawal address of your Bitfinex account triggers an automatic withdrawal hold of 5 days.
Please note that the 5-day withdrawal hold is only applied when re-enabling disabled withdrawals for a currency or when modifying an existing whitelisted address. This is because it marginally reduces your withdrawal security. There is no 5-day hold applied when disabling withdrawals or adding whitelisted addresses since these actions marginally increase withdrawal security.
| Currency | Withdraws On? | Whitelisted Address |
|---|---|---|
| Bitcoin |
|
|
| Bitcoin |
|
|
| Bitcoin |
|
|
| Bitcoin |
|
|
| Bitcoin |
|
|
| Bitcoin |
|
|
| Bitcoin |
|
|
| Bitcoin |
|
|
| Bitcoin |
|
|
| Bitcoin |
|
|
| Bitcoin |
|
|
| Bitcoin |
|
|
| Bitcoin |
|
|
| Bitcoin |
|
|
| Bitcoin |
|
Monitor Withdrawals by IP
If a withdrawal is requested from a new IP address you will receive an email asking you to check and verify the withdrawal. The 'untrusting' period for IP changes is 24 hours. If the withdrawal is made more than 24 hours after the IP address change, this extra email check is not triggered.
Lock withdrawals for 24 hours when a new IP address is used
When a new IP address is used to log into your account all withdrawals will be locked for 24 hours and you will receive an email notification.
Custom Withdrawal Check
Add a secret phrase to the withdrawal confirmation image. This is another step to help you ensure your withdrawal details have not been compromised by malware on your browser or a man-in-the-middle attack. Show me an example