How to secure your cryptocurrency exchange account on OKX

okx learn
OKX Learn
2021.04.20

An overview of account security features available to OKX users

The security of user funds and assets is the foremost priority at OKX. Not only have we established sophisticated security systems for our internal wallets, but we also provide industry-leading security features and tools to our users.

In this tutorial, we will go over some of the security features that can help users secure their digital assets on OKX:

  • Login password
  • Email verification
  • Google Authenticator
  • Mobile verification
  • Mandatory 2FA
  • Anti-phishing code

What am I securing my account from? 

Cryptocurrency is an incredibly powerful technology that enables fast, global monetary transfers without requiring permission from any central authority. While this is very useful for certain applications, transactions with blockchain-based digital currencies are absolutely final. No entity can reverse a payment or issue a chargeback like with a credit card. 

Because all payments are settled with absolute finality, it’s almost always impossible to recover stolen crypto assets. This encourages thieves to target cryptocurrency users and the accounts they use to store their funds. 

Without any of the security precautions detailed below, a malicious actor with access to your OKX account would be able to steal your funds, and there is nothing we can do to get them back. That’s why we provide various features to protect your crypto assets from attackers. 

Perhaps the biggest threat to OKX user funds is phishing attacks. A phishing attack is where an attacker contacts an individual under the guise of a trusted entity and attempts to encourage them to hand over sensitive information. This often involves fake email domains, websites, and requests to change passwords and other crucial sign-in details. 

Look at the examples of phishing attacks below. These are real SMS messages OKX users received. Phishing attempts may also arrive via email or from other sources. 

As you can see, the attackers attempt to make the user panic by making some bold statements about their account security. One claims the user is a suspected money launderer, and one says that their account has already been restricted. 

The idea is to make the user rush to provide sensitive login information and inadvertently grant account access to the attacker. Yet, if we look closely, none of the URLs provided match OKX’s official URLs.  

If you receive a suspected phishing SMS or email, don’t panic. First, you can check the authenticity of a phone number, email address, WeChat message and communication via other official OKX channels using our handy Channel Verification tool. Just select the relevant channel from the menu and enter the sending address, URL or phone number from the suspicious message.

Next, log in to OKX using the official URL and contact OKX Support. Show the team a screenshot of the SMS message or email and they will advise you on whether the message is genuine or not. Alerting us to attempted phishing attacks also helps us keep other users safe. 

The advanced account security features detailed below will help protect your funds from various malicious actors. It’s also essential to always remain vigilant of where you are entering sensitive account information. 

If you’re asked to enter your account password somewhere, double-check that the site is actually OKX.com using the Channel Verification tool and never follow links to login pages from emails or SMS messages, no matter how authentic they appear. 

The process of setting up these measures starts at sign-up. If you don’t already have an account at OKX, you can visit the sign-up page or follow the instructions below.

Step 1: Sign up for a new account on OKX

Navigate to the OKX homepage and click on Sign up, located in the top right corner.

Along with particulars such as your email address or phone number, you will also be required to enter a password to secure your account.

The password should be 8–32 characters long, and include a number, a lowercase letter, an uppercase letter and a special character. Once done, click on Sign up to proceed.

In the example above, we use an email address to create a new account. After you click on Sign up, you will receive a verification email from OKX to the address you provided. Check your email for the six-digit verification code, enter it in the required field, and click Continue to complete the registration process.

Step 2: Go to the security settings page

Once you sign in to your account, you can hover over the profile icon located in the top right. A dropdown menu will be displayed, and you can click on Security settings to proceed.

OKX provides a variety of security measures to protect your account. You can review the completed and pending security items under the “Security” tab.

Throughout this tutorial, we will refer to this tab as the main section for all the security features.

Step 3: Activate security features

OKX users can secure their funds by activating the various account security measures shown on the “Security” tab. Currently, there are six security features available to users, with the first two being the use of an account password and the account verification email mentioned above. The other four security features are discussed below.

Authenticator app

Authenticator apps are free software authenticators that add extra security to online accounts. The most popular example is Google Authenticator, which is widely used to generate time-based, one-time codes. OKX users who activate Google Authenticator are required to provide confirmation codes when withdrawing funds or making changes to the security settings of their accounts.

To activate Google Authenticator, users first need to open the “Security” section and then click on Settings in the “Google Authenticator” column to proceed.

Users will then be directed to the webpage detailing the steps required to set up their Google Authenticator.

If you don’t have the Google Authenticator app installed, you can scan the QR code on the webpage and download it from the Apple App Store or Google Play. 

After installation, open Google Authenticator and scan the provided QR code or enter the provided key to retrieve a six-digit code.

To complete the binding process, click Get code to receive a code on your email address or phone number. Enter it into the relevant field along with the six-digit Google authentication code and click Confirm to proceed.

Once you have set up Google Authenticator, it will be listed under “Enabled security features” on the “Security” tab. You can click on Guide to learn more about Google Authenticator or click Reset or Turn off to change settings.

Mobile verification

The mobile verification feature allows users to receive codes on their mobile devices to confirm fund withdrawals, password changes and changes to other settings. 

To activate this security feature, open the “Security” tab again and click on Set next to “Mobile Verification.”

Choose your country and enter your corresponding mobile number when prompted. Then, click Get code to receive both the required SMS and email codes. Enter the codes requested in the relevant fields and click Confirm to proceed.

Upon completing mobile verification, you will receive an email confirmation, and the option will be moved to the “Enabled security features” list like the others. Click on Change or Turn off to change the settings later.

2-factor authentication

When enabled, 2-factor authentication is required for account login, fund withdrawals and sending red packets. Click Turn on from the “Security Settings” tab to activate this feature.

Click on Get code to receive an SMS code. Enter it in the provided field and click Confirm.

After this, 2FA will appear in the “Enabled security features” list, and you can turn it on or off later.

Anti-phishing code

An anti-phishing code protects users from email phishing attacks — like those described earlier — by helping them authenticate emails sent by OKX. Click on Settings next to the “Anti-phishing Code” feature on the “Security” tab and create any code of your choice. Once done, click on Get code for SMS verification, enter the received code or the one provided by your authenticator app, and click Confirm to proceed.

You can review your anti-phishing code settings in the “Enabled security features” list.

Your anti-phishing code will appear in all email communications from OKX, which will assure you of the email’s authenticity.

Step 4: Review your security settings

As you complete the setup for any of the security features discussed above, they are displayed in the “Enabled security features” list on the “Security” tab. You can then review the settings for each feature, change them or turn them on or off, as desired.

Given how digital assets have no central issuing authority, they are vulnerable to hacking and theft. It is recommended that users take all necessary precautions, including using these security features and ensuring that their devices are free from malware and viruses.

Not an OKX trader? Sign up today and join the world’s leading crypto ecosystem!