Use not only password/email login for your goolge account!

[oapieNL]

Important point of attention to prevent risk of theft of your coins.

Make sure you log in with minimal SMS 2fa on your google account.

If you do not have additional log-in security for your google account, then this is a maybe gold mine for crypto scammers.
All saved passwords can be found in your account where you chose to save once when you got a popup. This login names with passwords and websites can all be made visible with a simple password viewer extension  in every browser.

As an example, what I mean in your google account


Especially when you participate in airdrops or bounty it can be important, because you often make an account on those websites. Great chance that airdrops are scam. And that they use that login data. For example, to break into your google account or email address.


Use minimal SMS 2fa to access your google account.
Never use the same login information as that of your email and google account
Always use google 2fa authenticator to log in on exchanges.
Never install any APIs that can steal all information.

If you make these 4 things better. I can say, you are a bit safer!

Of course there are many more protections for your exchange accounts, but this is sometimes forgotten by people, while this is full of passwords.

[Marcel666]

Always use google 2fa authenticator to log in on exchanges.

And note, that when using Google 2FA, you should always back up the code used to enable it, so you can access your account if you lose the device in which the Authentication app is installed.

You can also preferably use Authy which stores your data in the cloud where you can always retrieve it

[Coyster]

What if the codes were not saved somewhere else? Is there other way to recover or open the google 2fa with other device?

As long as the codes were not saved anywhere,as far as I'm concerned it's basically impossible to recover whatsoever you were protecting,its ways advisable to back it up or Save it else where

If such device is missing,definitely google cant do anything about it,but the exchange/service providers of whatsoever you tried to protect have a 10% chance of helping out, but it takes loads and loads of proves/process before they can save the situation,most times it never ends well.  

[BUSHbuddy]

Always use google 2fa authenticator to log in on exchanges.

And note, that when using Google 2FA, you should always back up the code used to enable it, so you can access your account if you lose the device in which the Authentication app is installed.

You can also preferably use Authy which stores your data in the cloud where you can always retrieve it

What if the codes were not saved somewhere else? Is there other way to recover or open the google 2fa with other device?

why punish yourself with all this code saving/backing-up..... use authy its far much better than using Google 2FA authenticator

[Dilireba]

Ok, i agree that we must use 2FA authentication for Google account, but we should never store 2FA backup phrase online or in our computer or in smartphone, because if we're hacked, hackers can use 2FA backup phrase and log in to our account. Best way is write down 2FA backup phrase on physical paper.

[DdmrDdmr]

<…>

This topic is kind of reiterative, and crops up every couple of weeks or so. Nevertheless, it is an important matter to take into consideration and should be a concern.
Lately I’ve seen emails of scammers claiming that they have cracked people’s email account and have access to such and such. Normally these cases are not direct hacks on your email account, but derived from having provided the same credentials on a given website as you use on your email account.

2FA is an important safety feature, but just as important is to make sure you protect your 2FA backup codes properly or better still, use something like Authy that allows you to backup your 2FA on the cloud in an encrypted manner. I’ve seen quite a few cases of people using Google Authenticator on their mobile device, and then having a rough time accessing their accounts when the device breaks or gets stolen.

[Zhen Zhibing]

<…>

This topic is kind of reiterative, and crops up every couple of weeks or so. Nevertheless, it is an important matter to take into consideration and should be a concern.
Lately I’ve seen emails of scammers claiming that they have cracked people’s email account and have access to such and such. Normally these cases are not direct hacks on your email account, but derived from having provided the same credentials on a given website as you use on your email account.

2FA is an important safety feature, but just as important is to make sure you protect your 2FA backup codes properly or better still, use something like Authy that allows you to backup your 2FA on the cloud in an encrypted manner. I’ve seen quite a few cases of people using Google Authenticator on their mobile device, and then having a rough time accessing their accounts when the device breaks or gets stolen.

I think it's not a big problem with repeat threads like this. Many newbies don't know about 2FA security and don't know how to use it to make accounts safer.

It's better if we have a sticky thread about wallets and accounts security in Beginners & Help, like Lauda's threads, then we don't need repeat threads anymore.

[oapieNL]

The following will sound a little weird, but I just throw mn backup keys directly into the trash if possible  .
I do not recommend people to do this, if you do not know what you are doing.

Here is why,

I have 2 smartphones that not have been used. Always in airplane mode.
I use not the same account identification keys on that phones.
Im using 2 to 3 different 2fa keys for the same account, for example a exchange to login.

The advantage of this is that if one of the phones fails, I can simply log in with the other smartphone with other 2fa keys on my accounts.

My crypto accounts are hackers trying to hack every day. I think for almost a year now.
They log in with the right password and email,  only they do not get any further with the 2fa identification.
These are just the hitbtc login attempts on my HitBTC account.

2018-11-15 14:26   Failed login attempt   Desktop   Chrome 58.0   WinNT   42.144.190.111   Yokohama, Japan
2018-11-12 11:59   Failed login attempt   Desktop   Chrome 58.0   WinNT   187.178.93.56   Mexico City, Mexico
2018-11-10 08:08   Failed login attempt   Desktop   Chrome 58.0   WinNT   175.206.17.170   Seoul, Republic of Korea
2018-11-09 03:41   Failed login attempt   Desktop   Chrome 58.0   WinNT   1.0.220.203   Nakhon Si Thammarat, Thailand
2018-11-04 01:11   Failed login attempt   Desktop   Chrome 58.0   WinNT   2602:ff62:121:814e:8000::4   Chicago, United States
2018-10-31 07:53   Failed login attempt   Desktop   Chrome 58.0   WinNT   1.20.96.234   San Sai, Thailand
2018-10-17 12:07   Failed login attempt   Desktop   Chrome 58.0   WinNT   210.195.171.89   Klang, Malaysia
2018-10-08 22:29   Failed login attempt   Desktop   Chrome 58.0   WinNT   165.16.250.26   South Africa

What I also forgot to report is about whitelisting your external wallet addreses for withdrawal monney form accounts.
The whitelist is an additional security measure aimed to protect your trading and your funds by creating a secure list of withdrawal addresses. By setting and confirming the whitelist of addresses for cryptocurrency withdrawals you agree that the withdrawal of the funds will be limited to these addresses only.
I also use it on hitbtc, and can only withdrawal to one of whitelisted wallets.
https://support.hitbtc.com/hc/en-us/articles/360000800605-Whitelist-of-withdrawal-addresses

[Harlot]

I have no problem using SMS text messages as my way of 2fa especially if I have the password with my email as well in most of my login accounts. This could quickly be avoided by always having a different kind of password for your email as well as setting up your IP detection setting for unrecognized pc log ins as you can quickly unauthorized or prohibit their log in attempts. Also none of this is necessary if you know yourself you are not downloading some random files in the internet.