Tips for Account Security
While we at Paxos take steps to ensure your investments and account remain secure, personal due diligence is essential to protecting your Paxos account. We have compiled a list of actionable items and general good habits that you can use to keep your account secure.
Use a Strong and Unique Password
Use a strong and unique password for your Paxos account and change it regularly.
Should you wish to strengthen your password now, here is the help center article for a password reset link.
Important Note: Never disclose your password to anyone. You can be guaranteed that we at Paxos will NEVER ask for your password for verification purposes.
Enable Your 2-Step Verification
You are required to set up a Time-based One-Time Password (TOTP) with a mobile authenticator app such as Duo, Authy, or Google Authenticator during your account registration process. For more information on 2-step verification in Paxos, please refer to this article.
By using TOTP, you drastically reduce the chance of your account being compromised.
Secure Your Email
Your email is an essential connection between you and your Paxos account. We use your email for important communications with you, and it is our point of contact if/when you need support.
We recommend conducting periodic reviews of your email account and settings for the following to ensure your account does not get compromised:
- Check your email account for unusual rules, filters, or forwarding addresses
- Check your email account settings for authorized devices you do not recognize
- Check for unauthorized recovery emails or phone numbers added to the account
- Regularly change the password for your email account
It might be helpful to visit https://haveibeenpwned.com/ to check if your email address has ever been compromised in a third-party data breach. If so, we recommend changing any passwords associated with that email address. You should enable two-factor authentication on your personal email account as well.
Google’s Advanced Protection Program provides security resources if you feel at risk of targeted online attacks.
Identify Phishing Attacks
If you are not sure what phishing is, please refer to our article about phishing here.
A common practice among attackers is to impersonate Paxos/itBit and Paxos/itBit support on social media. Ensure that you communicate directly only with our official accounts, which can be found here.
If you receive a message appearing to have been sent by Paxos, and you believe it is suspicious, you can always confirm by submitting a ticket to https://help.paxos.com/hc/en-us/requests/new to verify its authenticity.
Bookmark https://www.paxos.com/ in your browser and only use this link to access Paxos.
If you have any doubts about emails or messages you have received about your Paxos account, keep in mind our phishing article above and only rely on the bookmark to manage your Paxos account.
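The check behind the bookmark advice, written out as an added example (not Paxos code): a link counts as official only when its parsed host exactly matches one of the hosts printed in this article. Treating www.paxos.com and help.paxos.com as the complete allowlist is an assumption, and every `.example` URL in the sample list is constructed.

```python
from urllib.parse import urlsplit

# Hosts taken from the links printed in this article. Treating these two as
# the complete allowlist is an assumption made for this example.
OFFICIAL_HOSTS = {"www.paxos.com", "help.paxos.com"}


def check_link(url: str) -> tuple[bool, str]:
    """Return (trusted, reason) for a link that claims to lead to Paxos."""
    try:
        parts = urlsplit(url.strip())
        # hostname drops any port and userinfo; strip a trailing root dot.
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not an https link"
    # Text before '@' is userinfo, not the host the browser connects to.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before '@' hides the real host"
    # Non-ASCII or punycode labels can render like the real name.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalized host name, possible lookalike"
    # Exact match only: containing 'paxos.com' somewhere is not enough.
    if host not in OFFICIAL_HOSTS:
        return False, f"host {host!r} is not an official host"
    return True, "official host"


# Constructed sample links; the .example hosts are placeholders.
SAMPLES = [
    "https://help.paxos.com/hc/en-us/requests/new",
    "http://www.paxos.com/",
    "https://www.paxos.com@login.example/",
    "https://www.paxos.com.account-verify.example/login",
    "https://www.xn--paxos-constructed.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        trusted, reason = check_link(link)
        print(f"{'OK    ' if trusted else 'REJECT'} {link}  ({reason})")
```
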
Secure Your Devices
It is important to be able to identify and avoid malware campaigns that could expose your devices to malware such as remote access trojans (RATs) and keyloggers. Such malware can infiltrate your browsers and steal confidential information such as your login credentials, giving attackers access to your Paxos account.
We recommend the following to reduce the possibility of such attacks:
- Install trusted antivirus software and whitelist only trusted programs or applications. Ensure your antivirus software is up to date and schedule regular scans
- Ensure your device is updated with the most recent operating system updates
- Ensure your web browser and any related software is updated to the latest version
- Install an ad blocker like AdBlock or uBlock Origin as a plugin in your browser
- Perform due diligence on browser plug-ins developed by unknown third-parties before installing them
- Enable a password to gain access to your device
Do ensure you constantly update all of the above programs, and periodically review and uninstall all questionable or unnecessary pieces of software from your device, especially tools that allow remote access.
It is paramount to practice due diligence before installing any third-party software or applications on your desktop. A common red flag of a shady source is the provision of “free” or cracked versions of commercial software.
Protect Your Cloud Storage Accounts
Most of us rely on cloud storage solutions to easily keep and back up our personal information. If obtained by an attacker, this information would give them access to confidential information that they could use to breach the security of your accounts.
Similar to securing your Paxos account or your email address, we recommend following the below steps:
- Create a strong and unique password, preferably using a password manager
- Secure it with 2-step verification
Disabling your cloud storage account’s backup feature is also an option to greatly reduce an attacker’s chance of obtaining your information.
Monitor Your Account Activity
In your Paxos account, visit the Activity page where you can view all of your trading activity.
If you notice an unauthorized transaction, immediately submit a ticket to https://help.paxos.com/hc/en-us/requests/new. This would allow our team to review your account and help you secure it as soon as possible.
Contact Customer Support
Please only contact Paxos through this portal. Do not hesitate to reach out with any security-related queries or concerns should they arise. Remember to follow the steps detailed above to ensure your account security is maximised.
Please note that Paxos staff will NEVER:
- Ask for your password, 2-step verification codes or login credentials
- Ask you to install third-party remote support software on your computer for troubleshooting reasons
- Call you directly to handle account support or troubleshooting issues
If anyone claiming to be associated with Paxos Support requests related information or reaches out to you directly outside of our official channels, please cease all communication and immediately contact us.
We hope that this information helps you take your account security to the next level.