Protect the Password
- Use a strong password, strong password should:
- Longer and easier to memorize passphrase is better than traditional complex password, although memorizable passphrase is not recommended.
- Minimum length longer than 12 characters
- Recommended: use password management tools, such as 1Password or LastPass.
- Regularly check if your password being leaked or not (https://monitor.firefox.com/). Change your password immediately if it happens. At the same time, never use the leaked account/password combo on MaiCoin.
- Do not share account/password with other services/people.
- Do not use browser built-in password management, e.g. Chrome, Firefox.
- Do not use shared systems or free Wi-Fi.
- iTaiwan public Wi-Fi hacking example: https://buzzorange.com/techorange/2018/02/14/how-i-hacked-itaiwan-free-wifi/
Add the Second Factor
Options of second factor:
- SMS (not recommended): It could be the second factor but not good enough, it’s hard to fight against SIM swapping attack.
- Recent SIM swapping attack case: https://medium.com/coinmonks/the-most-expensive-lesson-of-my-life-details-of-sim-port-hack-35de11517124
- Use MFA with authenticator like Authy, LastPass Authenticator, or Google Authenticator (less recommended for its lack of PIN lock). And set the PIN or fingerprint for the App. (reference to Freshdesk page)
- Store TOTP secret key in the physical key (e.g. Yubikey supported type-C or NFC version) and plug them only when you need to generate the OTP. (reference to Yubico page: the android app part)
Better to use authenticator (with physical key) rather than SMS. In the end, you should store your secret key offline.
Set the Security Questions
You should set the security questions with real answers, those answers are important when you lose the MFA.
Always check the Account Activity
When receiving a suspicious account activity mail from MaiCoin, please report to MaiCoin support immediately.
Other things you can do
- Do not use emails without MFA protection as you account, which hackers can take over the control easily.
- Never click a link/download a file on a suspicious web page, email, or text. If you have clicked a suspicious link, please report to MaiCoin support immediately.
- If you’re being asked to send crypto currencies by a call, text or email, here are some questions you need to ask yourself:
- Is the requestor rushing or pressuring you?
- Is the person asking for money someone you’ve never met?
- If a known business requests for fund transferring online, is the destination a new account or different from what in the initial paperwork?
- Is the phone number that’s calling you (from, for example, your title company, contractor, or attorney) different than usual?
- Are you being pressured to send money to claim lottery funds or some other form of prize?
- If your answer is yes to any of these, think carefully about the request. It’s very likely to be a scam.
All links to third-party websites are for convenience and informational purposes only. MaiCoin is not responsible for the content of any Third-Party Site.MAX — MaiCoin Asset Exchange