How can I make my online accounts more secure?
Idoneus takes extensive security measures to ensure your account and cryptocurrency holdings remain as safe as possible, but ultimately, security is a shared responsibility. Here are some actionable steps that you can take to help safeguard your funds and keep your account safe from unauthorized access. These steps are relevant to your Idoneus accounts and any other online accounts you have (email, banking, exchanges, etc.).
Use a strong password
Use a password that is long, random, and unique to your Idoneus account. Never use the same password twice across your online accounts!
If you don’t want to use a password manager, use a passphrase (a sentence or group of four or more words) for your account. However, be careful and do not choose a phrase from a book or a movie as hackers have access to sophisticated databases of such quotes.
Important Reminder: Never disclose your password to anyone. Idoneus employees will NEVER ask for your password.
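The passphrase advice above depends on the words being picked at random rather than by a person. The following added example (not Idoneus code) draws words with the operating system's secure random generator and estimates the resulting strength; the 32-word list is a constructed sample, and the 7,776-word list size is an assumption about the larger word list you would use in practice.

```python
import math
import secrets

# Constructed 32-word sample list so the example runs offline. For real use,
# load a much larger list (a 7,776-word diceware list gives ~12.9 bits/word).
SAMPLE_WORDS = (
    "anchor basket candle dolphin ember falcon garden harbor "
    "island jacket kettle lantern meadow nectar orchid pepper "
    "quartz ribbon saddle timber umbrella velvet walnut yonder "
    "zephyr acorn bridge copper dagger engine fabric glacier"
).split()


def entropy_bits(list_size, word_count):
    """Bits of entropy when each word is drawn uniformly at random."""
    return word_count * math.log2(list_size)


def words_needed(list_size, target_bits):
    """Smallest number of words that reaches target_bits for this list size."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(words, word_count=4, separator="-"):
    """Pick words with the OS CSPRNG; a person choosing words is not random."""
    if word_count < 4:
        raise ValueError("use four or more words")
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return separator.join(secrets.choice(words) for _ in range(word_count))


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS, 5))
    print(f"4 words from 7,776: {entropy_bits(7776, 4):.1f} bits")
    print(f"words for 64 bits from 7,776: {words_needed(7776, 64)}")
```

The small sample list yields only 5 bits per word, which is why the size of the word list matters as much as the number of words.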
Utilize the Strongest Form of 2-Step Verification
We strongly recommend using a security key to protect all of your online accounts including Idoneus, Coinbase, Gmail, Facebook, Dropbox, Instagram, Twitter, and YouTube. If you do not currently own a security key, Yubico is a popular choice.
If you’re not ready to invest in a security key, or just don’t want to use one, the next best option is Time-based One Time Password (TOTP) with a mobile authenticator app such as Duo or Google Authenticator. By using TOTP, you drastically reduce the chances of your account being compromised.
Security keys and TOTP can both be enabled in your account’s security settings.
If you don’t own a smartphone and are restricted to receiving your 2-step verification codes via a text message, you should follow the steps in the section “Lock Down Your Mobile Account” to reduce the likelihood that you will suffer a SIM-swap or phone port attack.
Secure Your Email
Your email is one of the most important connections between you and your Idoneus account. We use your email to confirm new devices, send you important alerts about your account, and to communicate with you if you need support. Please make sure it is secure!
For starters, visit https://haveibeenpwned.com/ to see whether or not your email address has ever been compromised in a third-party data breach. If so, we recommend changing any passwords associated with that email address. You should also enable two-factor authentication on your personal email account.
As an additional security precaution, you should conduct a periodic security review of your email account and settings as well:
- Check your email account for unusual rules, filters, or forwarding addresses
- Check your email account settings for authorized devices you do not recognize
- Check for unauthorized recovery emails or phone numbers added to the account
For those who feel like they may be at risk of targeted account takeover attempts, check out Google’s Advanced Protection Program.
Lock Down Your Mobile Account
A SIM-swap or phone port attack occurs when an attacker has their target’s phone number transferred to a mobile device under the attacker’s control. Fraudsters are able to do this through a variety of means, including identity theft and socially engineering mobile carrier customer support representatives. This type of attack is a threat to all accounts using SMS-based 2-step verification and any account that can be recovered using phone-based authentication.
To help protect yourself against this type of attack, please complete the following:
- Call your mobile service provider and tell them that you’d like to place a port freeze and SIM lock on your account
- Ask them to create an account note requiring you to be in-store with a valid photo ID in order to port or transfer your phone number to a new device
- Ask them to add or enable a PIN number to be used when making changes to your account
- Inquire about other security measures you can enable on your mobile account to prevent unauthorized changes
Even if you don’t use SMS-based 2-step verification, you should still protect your mobile device by enabling a screen lock. This will help prevent a thief from accessing your Idoneus account and email if your phone is ever stolen.
Keep Your Devices Clean and Updated
While there are many types of malware that can infect a device, a few in particular can be especially worrisome. Keyloggers, remote access trojans (RATs), and cookie-stealing malware can all be used to steal your sign-in credentials and gain unauthorized access to your accounts.
To protect your devices from these types of threats, consider the following:
- Utilize anti-virus protection and scan your device regularly. You should also be updating your virus signatures as often as possible to stay ahead of new threats. The top three antivirus providers are Norton, Avira and Bitdefender.
- Set up and use a VPN service. A Virtual Private Network (VPN) is software that encrypts your online connection, thereby creating a secure tunnel through which outgoing and incoming data are sent between your device and the destination website. This encryption makes it impossible for Wi-Fi operators or eavesdroppers to intercept the connection and steal confidential information. ExpressVPN, CyberGhost and Private Internet Access are leading providers in this field.
- Keep your device updated with all of the most recent operating system and security updates.
- Keep your web browser and all other software updated with their latest versions.
- Uninstall all questionable or unnecessary pieces of software from your device, especially tools that allow remote access.
- Install an ad blocker like uBlock Origin in your browser to help protect you from malicious ads.
- Practice safe web browsing habits and never click on suspicious links or download suspicious programs.
- Do not install and use browser plug-ins or add-ons developed by unknown third parties.
- Enable a screen lock and password to gain access to your device.
Protect Your Cloud Storage Accounts
Many smartphone users rely on cloud storage accounts such as Google Drive or iCloud to create backups of the data saved on their mobile devices. This data often includes messages, contacts, email, apps, photos, and more. If an attacker gains access to your cloud storage account and restores the device backup onto a device in their control, they will have a vast amount of information at their disposal to help them compromise your various online accounts. Do not underestimate the power of an attacker with access to this information!
Luckily, you can easily secure and protect your cloud storage accounts by following a few basic guidelines we’ve already covered:
- Create a strong password! Preferably using a password manager.
- Secure it with the strongest form of 2-step verification available.
- Protect your email account.
Or if you want to completely avoid the risk of an attacker being able to back up your mobile device data, you can disable backups altogether in your cloud’s account settings.
Bookmark the following Idoneus websites in your browser and only use these links to access Idoneus.
If you ever receive any text messages or emails about your Idoneus account, always use the bookmark to navigate to your Idoneus account.
Stay Alert for Phishing
What to do if you have been hacked or clicked on a malicious link?
So it happened: your device has been hacked, or you entered login credentials or sensitive data on a phishing website. While you can’t undo it, you must take remedial action as soon as possible by doing the following:
- Take the potentially infected device off the internet.
- Change your password immediately.
- If you’ve entered any personal information, you should change these details as soon as possible from an uncompromised machine. This will apply to all online accounts such as email, social media and banking.
- Scan your system for malware with anti-virus software (this can be done while your device is offline).
- Use a service like https://haveibeenpwned.com/ to see if your email address and other information have been exposed.
- If needed, get professional help to recover your device.
- If you actually got scammed, please report this to your local authorities.
Stay safe and remember to “think before you click”!
If at any time you have an account security concern or question, please do not hesitate to contact Idoneus Support. Only contact Idoneus through its official websites (see paragraph above). Fake customer support numbers and websites are a constant threat—please be very cautious with any information you find via forums, social media, and Google Ads.
As a rule of thumb, remember that Idoneus staff will never:
- ask for your password, 2-step verification codes, or email access
- ask you to install remote sign-in or remote support software on your computer
- ask you to send money for resolving issues with your account
- call you directly to handle account support or troubleshooting issues
If anyone claiming to be associated with Idoneus Support requests this information or calls you directly, please cease all communication and immediately contact us.
We hope that this information helps you take your online account security to the next level.