Why anti-phishing codes matter and how to use them
Safety and security
An anti-phishing code for email is a unique identifier added to communications. It ensures the email’s authenticity and helps users verify that it’s legitimately from the organisation, protecting against fraud.
What are Hardware Security Keys, and why should I use them?
Hardware Security Keys are physical devices that provide a strong, phishing-resistant form of authentication for your BTC Vault. Think of them as the actual keys to your digital vault. They're small USB or NFC-enabled devices that add a crucial layer of security to your high-value funds.
By requiring this physical key for BTC Vault withdrawals, your assets remain secure even if someone gains access to your phone and PIN. They're especially recommended for securing large amounts of cryptocurrency or for users who want maximum protection for their long-term holdings.
Why are Hardware Security Keys a better control? Can't I just use Google Authenticator?
While apps like Google Authenticator offer good security for regular transactions, Hardware Security Keys provide superior protection for your BTC Vault.
Unlike Google Authenticator, which is typically installed on your phone, Hardware Security keys are separate physical devices. This separation is crucial - even if your phone is compromised or stolen, your BTC Vault remains secure. Hardware Security Keys are immune to remote attacks and don't rely on batteries or network connectivity. For Xapo Bank, where protecting your investment assets is paramount, Hardware Security Keys offer the highest level of security for BTC Vault access
Why can't I create a passkey on my phone, and why do I need to use an external Hardware Security Key instead?
As an app-only bank, we require external Hardware Security Keys for enhanced BTC Vault security. Storing a passkey on the same device as our app would create a single point of failure, potentially compromising your account’s security. By using an external Hardware Security Key, we ensure that even if your phone is compromised, your BTC Vault remains secure. This approach provides true two-factor authentication for your most valuable assets, significantly reducing the risk of unauthorized access to your long-term funds.
How should I store and use my Hardware Security Key?
Your Hardware Security Key should be treated like the key to a physical vault. We recommend storing it in a secure location separate from your phone, such as a home safe, rather than carrying it daily or attaching it to your keychain.
What is Multi-Factor Authentication (MFA) with Hardware Security Keys?
MFA with Hardware Security Keys secures your account by requiring a physical device, such as a YubiKey, connected to your phone via USB-C or tapped via NFC, in addition to your PIN or Biometrics.
How do I enable a Hardware Security Key?
Go to your account settings, choose "Security & Privacy," select “Hardware Security Key,” and follow the instructions. Have your YubiKey ready.
What if I lose my Hardware Security Key?
When it comes to Hardware Security Keys, the industry usually recommends customers have two of these devices. One is considered the backup key, which should be kept in a safe place or with a trusted individual. The other plays a more active role, which you can use, for example, to make BTC Vault withdrawals.
Note that allowing a trusted individual to access your “backup” key does not grant them access to your account or funds.
Xapo Bank’s security is built upon layers of controls, and a Hardware Security Key is one of those layers. However, if you lose your Hardware Security Key, you should still contact your account manager via in-app chat or email.
Can I add multiple Hardware Security Keys?
Yes, you can add more than one Hardware Security Key in the “Hardware Security Key” settings under the “Security & Privacy” menu. Hardware Security Keys are interchangeable, meaning you can use any of your enrolled keys to authenticate actions.
You must use an existing key to add a new one or to remove an existing key from your account.
Is a Hardware Security Key mandatory?
It's not mandatory, but it's highly recommended for additional security. The more funds you have in your Xapo Bank account, the greater the need to set up Hardware Security Keys.
Was this article Helpuful ?