We are excited to allow customers to access Poloniex with Level 1 Verification! However, as you can see here, there are several differences regarding the security and recovery services we can provide to Level 1 accounts.
We go to great lengths to protect all Poloniex accounts, but we also want our customers to be vigilant and protect their own. If you lose access to your account, we will do our best to help you regain access, but we cannot guarantee the resolution time or our ability to do so. Since Level 1 accounts have much less customer information, our means of confirming account ownership are limited and the recovery process can take several months.
It is important that you always protect not only your password but also the email account associated with your account and any device used to access it. Please follow the steps below to ensure your account is as secure as possible and recoverable if needed.
Two Factor Authentication
Enable Two Factor Authentication
We strongly advise you to enable two-factor authentication. This offers you greater protection from possible attackers attempting to log into your account than just using a password. In situations where your login information is compromised by a third-party data breach, two-factor authentication can help to prevent unwanted access to your account.
Back Up Your 16 Digit Key
In the event that you have changed or lost access to the device you use for two-factor authentication, your 16 digit key can prevent you from losing access to your account. It’s important to back this key up since we can only provide limited support for 2FA disable request to ensure better security of your account.
Please print or store this in paper form, delete any digital copies to keep it safe. We don’t recommend sharing this key with anyone and will never request you to provide your 16 digit backup key via support or email.
Be smart with your passwords and 2FA codes
We would like to remind you that your 2FA codes and the back up codes are only secure if you do not provide this to a malicious site. Always double check any emails you are receiving that claim to be from Poloniex. Before clicking on any links, be sure that it is a site you recognize or trust. If you are not sure, do not reply or click any links and get in touch with us immediately with a copy of the email and we can confirm the legitimacy of the email.
General Account Security
Keeping Your Own Personal Account History
It is always a good practice to keep a detailed audit of your account history, noting key events such as account creation, deposits, trades, API key creation, withdrawals, and any account updates or changes. An accurate account history presented to our Support Team can help expedite resolution times. That being said, make sure that your account notes are saved in a safe location, perhaps on a device you do not use to access Poloniex with, or written down offline in a place that will not be easily lost.
When You Are Finished A Session Always Log Out
We all know how easy it can be to leave a tab or app running in the background in order to make accessing that account again easier. However, by not logging out or killing an active session, your Poloniex account is at risk for session stealing attacks. This may allow an attacker to compromise your account and impersonate you as a user. The best way to increase security against these kinds of attacks is to log out of your account every time you are finished using it and killing active sessions on other devices that you are not currently using to access your account.
How You Can Freeze Your Account If You Believe You’ve Been Compromised
When there is a login to your account from a new IP Address, Poloniex will automatically send an email with the subject Poloniex account login from a new device to your Poloniex associated email from do-not-reply@poloniex.com. Within this email is a link to freeze your account, which you can click and confirm to stop all account activity.
If you believe your account has been compromised, freeze your account by checking your email inbox and contact our Support Team immediately.
API Key Security
Know the Power of an API Key
API keys can provide full access to your account without the need for logging in or two-factor authorization. As such, it is important that you only enable an API on your account when you intend to use it and that you disable each API key if you stop using it. You should use a unique API key for each bot, 3rd-party service, or application. Always delete API keys that you are no longer using.
When you create an API key, it is best to minimize its permissions as much as possible. If you will not be using the API key for trading, uncheck the Enable Trading checkbox. Only check the Enable Withdrawals checkbox if you will be using this API key for withdrawals. Only allow API access to third party sites that you trust. Poloniex is not affiliated with any third party vendors. If you enter API keys and their secrets into an unofficial app or website, you are sharing your credentials with a potentially malicious party. This could lead to a loss of assets.
Scams/Phishing
Please keep in mind that you are responsible for keeping your login credentials, 2FA codes, email address, and devices safe. If you provided this information to a malicious site, they have the ability to access your Poloniex account. We highly recommend that you use a strong and unique password, strong passcode, or biometric authentication on any computer or mobile device where you log into the Poloniex website or app. Additionally, please make sure that your email accounts and devices are safe and protected. Shared devices such as internet cafes, public computers, public WiFi, and others are high risk. If someone has access to your cell phone or other devices, they could potentially login and make unauthorized transactions. For more information, go here.