Yubikey

We suggest you equip yourself with a personal authentication device such as Yubikey by Yubico, to serve as your two factor authentication both at supported exchanges, as well as to protect your Google account and others.

U2F (Yubikey) is the recommended two factor method. It is phishing resistant unlike TOTP/Google Authenticator and it is much harder to compromise than SMS/Voice call methods, if not impossible. It doesn’t require any software or drivers.

It is a great way of identifying yourself to the exchange or supported websites, as only the person in possession of the said physical key (on top of the password) can log into the website. An actual physical touch of the buttons is required (similar to hardware wallets for crypto), so it cannot be compromised over the internet, even if it remains inserted in your PC during a remote breach. If you do not wish to get said device, then another 2FA solution such as Google authenticator for your phone will do as well.

Furthermore, Yubikey is a perfect companion to your password manager. Having all your passwords accessible by a single master password might be very convenient, but is sure not very safe. With Yubikey as your 2FA, safety of your passwords within a password manager is suddenly much higher. Example of how Yubikey can be used with your password manager can be seen here (soon).

While Yubikey is a great form of 2FA, it can actually also be used as a sole form of identification on websites that support passwordless logins, in which case it can actually replace the password. While using Yubikey is more convenient as well as more secure than your password ever can be, we still suggest using both, so that even if another person gains access to your physical key, he still needs the password to gain access to your account and vice versa. That is the true beauty of proper two factor authentication.

We are strong advocates of going with a Yubikey or a similar device.