Cryptocurrency exchange Gemini is now offering support for hardware security keys via WebAuthn.
The new feature will allow customers to use a hardware wallet, MacOS TouchID, and even Windows Hello as a two-factor authentication (2FA) method when signing in to a Gemini account.
The US-based exchange has claimed that it is “the world’s first crypto exchange and custodian to support the WebAuthn security protocol”.
Protecting our customer’s assets is always our highest priority. Today, we’re raising the #crypto bar even higher — Gemini customers can now use hardware security keys — USB keys, @apple TouchID, and @microsoft Windows Hello as 2FA credentials: https://t.co/JChyrPFmFi
— Gemini (@Gemini) May 15, 2019
Using hardware security keys via WebAuthn to secure your Gemini account provides hardware-backed, cryptographic proof that it is you (and not someone else) signing in to your Gemini account – this prevents someone else from signing in to your Gemini account even if they have your password.
WebAuthn also ensures that you only submit your two-factor credentials to the actual Gemini website and not a malicious website pretending to be the Gemini website.
Coin Rivet reported earlier this year that Gemini had passed a security compliance audit conducted by Deloitte, boosting its status as one of the most regulated and compliant cryptocurrency exchanges.
Gemini passa na auditoria de conformidade de segurança pela Deloitte
Still potential for phishing attacks
As a word of caution, the exchange stated that “even with 2FA enabled via Authy, an attacker can stand up a website that looks just like Gemini and ask for your username, password, and 2FA codes”.
“Once divulged, your credentials can be used to access your Gemini account and ultimately withdraw your crypto. To mitigate this risk, we require additional email verification when you sign in from a new device.”
Last year, Gemini introduced support for Authy Push. With this feature, customers who have the Authy app installed will automatically receive a push notification that contains transaction details and requires confirmation every time they attempt a crypto withdrawal.
For more news, guides, and cryptocurrency analysis, click here.
Disclaimer: The views and opinions expressed by the author should not be considered as financial advice. We do not give advice on financial products.