PRODUCT

MAY 15, 2019

Securing your Gemini Account with WebAuthn


Protecting your crypto is a cornerstone of our mission to build the future of money. We have operated from day one with a security-first mentality and have focused on providing our customers with layered security features to help them protect their Gemini accounts. Simply put, trust is our product.

Today, we’re excited to raise the bar even higher by introducing support for hardware security keys via WebAuthn (“Web Authentication”). You can now use USB security keys (e.g., YubiKeys, Feitian keys, Trezor and Ledger hardware wallets, etc.), macOS Touch ID, and even Windows Hello as your two-factor authentication (2FA) method when signing in to your Gemini account. Gemini is the world’s first crypto exchange and custodian to support the WebAuthn security protocol.

Using hardware security keys via WebAuthn to secure your Gemini account provides hardware-backed, cryptographic proof that it is you (and not someone else) signing in to your Gemini account — this prevents someone else from signing into your Gemini account even if they have your password. Using hardware security keys via WebAuthn also ensures that you only submit your two-factor credentials to the actual Gemini website and not a malicious website pretending to be the Gemini website.

Advanced Security Protection

Recently, we published a blog post outlining best practices for securing your Gemini account. We encourage you to read it if you have not already done so.

We’ve added many layers of security throughout the years to help you keep your digital assets safe. Since our launch in 2015, we have always required 2FA for all account sign-ins; this has never been an opt-in security feature. We use the Authy app for 2FA, which either generates a secure 7-digit code on your mobile device or sends a code via SMS (Note: We encourage you to use the Authy app for 2FA rather than SMS). This code is required when signing in to your Gemini account and when performing high-risk actions, like withdrawing your crypto.

But even with 2FA enabled via Authy, an attacker can stand up a website that looks just like Gemini and ask for your username, password, and 2FA codes. Once divulged, your credentials can be used to access your Gemini account and ultimately withdraw your crypto. To mitigate this risk, we require additional email verification when you sign in from a new device. We also added support for Authy Push last year, which means that customers who have the Authy app installed will automatically receive a push notification that contains transaction details and requires confirmation every time they make a crypto withdrawal attempt. Furthermore, Authy Push will surface inconsistencies in a withdrawal in the event your computer is infected with malware.

Two weeks ago, we released a self-service tool called Withdrawal Address Whitelisting. When enabled, your crypto may only be withdrawn from your Gemini account to specific crypto addresses (submitted and approved by you).

Securing your Gemini Account with WebAuthn

You can register hardware security keys by going to your account security settings page (you must be logged in). If you have more than one hardware security key, you may register multiple keys for added redundancy. When you register multiple hardware security keys, we’ll give you the option to exclusively use your hardware security keys for signing in to your Gemini account, which will disable 2FA codes sent via Authy or SMS. Withdrawals will continue to require Authy Push notification (or an SMS code) to confirm.

Authy Push, Whitelisting, and today’s announcement of WebAuthn give you the advanced tools you need to secure your Gemini account. We will continue to strive to be the most secure place for you to buy, sell, and store your crypto today and tomorrow.

Onward and Upward,

Team Gemini
