Logging On to Gemini Safely: Two-Factor Authentication

October is Cybersecurity Awareness Month, which is an opportunity to share best practices for staying safe online. Over the next four weeks we’ll walk you through some steps you can take, as well as the safeguards we have in place, to secure your crypto from the time you log on to Gemini until you sign off.

Our primary focus at Gemini is ensuring your crypto remains secure, and the most impactful step you can take is to protect your login credentials. Keeping your Gemini credentials safe and private is the first line of defense against being a victim of an account takeover.

Use Two-Factor Authentication to Protect Your Account

As a Gemini user you’ll be required to set up two-factor authentication (2FA) on your account, providing you with an extra layer of security should your username and password be compromised. With 2FA set up on your account, you’ll be prompted to take an additional action alongside entering your password when you log in. This additional action can be 1) a one-time passcode that is generated by an authenticator app, 2) a one-time passcode delivered via an SMS message, or 3) a simple tap of a hardware security key like a YubiKey.

2FA has become a widespread security best practice in the cryptocurrency industry providing an important second layer of protection beyond your password. Set up your 2FA by connecting your phone number or downloading Authy, which you can then connect to your account via a QR code. We recommend you use Authy, which secures your account against SIM swaps and is more secure than receiving a 2FA code via phone message. Learn more about 2FA on Cryptopedia.

Strengthen Your Account Security With Hardware Security Keys

To really boost your online security, you can use a hardware security key, such as YubiKey or Google’s Titan Key, for all your important online accounts, including Gemini.

A hardware security key not only protects you in the event of your password being compromised but also uses some clever design and mathematics to ensure that your security key second factor is “unphishable.” It provides the strongest level of protection by delivering hardware-backed, cryptographic proof of your identity, ensuring that only you, the holder of the physical hardware key, can gain access to your account — even if an attacker has compromised your password or successfully executed a SIM swap on your mobile device.

To keep user accounts secure we use The Web Authentication standard, a top standard of hardware security key authentication for web applications. For more information, check out this step-by-step process for setting up and using a hardware security key to secure your Gemini account.

In the weeks to come, we will provide you with a number of other security measures to help you stay safe online. This Cybersecurity Awareness Month, “Do Your Part. #BeCyberSmart!”

Onward and Upward!

Team Gemini