Use strong unique passwords
Current OWASP recommendations include:
- Password length of at least 10 characters
- Using different cases, special characters, numbers, etc.
- Using long pass-phrases consisting of several random dictionary words
- Choosing a unique password not used on any other website
Enable Google Authenticator 2FA
Two-factor authentication (2FA) is a method of verifying your identity by asking for two independent proofs. On Xena Exchange, 2FA is implemented with the Google Authenticator application. To perform any sensitive operation, such as a funds withdrawal, an intruder will have to:
- Know your login and password to log in to the platform and initiate the operation.
- Have the unique 6-digit code that is valid for 1 minute and that is randomly generated by an application installed on your smartphone.
Configure 2FA by going to the Security Settings page in your account on Xena Exchange. The process is straightforward:
- Install the Google Authenticator application (Android or iOS)
- Click the "Disabled" warning on "Two-factor authentication for sensitive operations"
- Follow the instructions
IMPORTANT: Please write down the code as suggested by the instructions and keep the hard copy in a secure location. It will be required in case your smartphone gets lost and you need to recover access to your account.
There are two independent processes used with 2FA:
- Sensitive operations (withdrawals, trusted addresses, password change and recovery)
Both of these functions use the same 2FA setup, so once you configure your Google Authenticator for one of the functions, you can use the same code for the second.
Never share passwords and 2FA codes
Never disclose the password of your account or 2FA codes to anyone, including those claiming to be Xena Exchange support. Our support team will never ask for your passwords.