CoinJar Support

Securing your CoinJar

Adrian (Melbourne) -

Covering how to make your CoinJar more secure with Enhanced Security.

There are two important considerations which contribute to keeping your CoinJar secure.

  1. Having a strong, unique password.
  2. Using Enhanced Security (also known as Multi-Factor Authentication).

 

Your password

In order to keep your CoinJar secure, you should set a complex password.  

In fact, we require this. While we don't have specific criteria for your password, we do run a quick check on its complexity and, if necessary, ask you to make it more complex and thus harder for a third party to determine.

Here are some suggestions for making your password more complex:

  • Make it longer. Adding just a few extra characters can improve a password dramatically.
  • Include a combination of both upper-case and lower-case letters
  • Include some numbers
  • Include some symbols (e.g. !@£$%^&*().)
  • Avoid standard words, dates, or patterns (e.g. "password", "123456" or "asdfgh").

You should not re-use passwords across online services and websites, especially the email account linked to your CoinJar.

If you need to store your password somewhere bear in mind that a physical copy (e.g. written in a notebook stored securely at home, away from your computer) may be more secure than a digital copy (e.g. a text file on your desktop, which may be stolen if your computer is ever compromised).  Many people find it useful to use an encrypted password management tool such as LastPass or 1Password.

Other steps you can take to keep your password secure:

  • Use up-to-date anti-virus software.
  • Avoid signing in to CoinJar from untrusted or public computers.
  • Only use a Wi-Fi source if you know and trust its provider.

Finally, we highly recommend that you also use Enhanced Security as an additional line of defence alongside your password. 

 

Enhanced Security

Enabling Enhanced Security - otherwise known as Two Factor Authentication (2FA) or Multi-Factor Authentication - alongside your strong password, is the best way to keep your CoinJar secure. Once you’ve set it up, you will be prompted to authenticate using your mobile device whenever you access your CoinJar. This way, even if someone were to gain access to your sign in details, they would be unable to access your CoinJar without first authenticating using your selected security device.

 

Primary and secondary devices

You may choose to set up two security devices - one primary and one secondary. We strongly encourage you to set up at least a primary device.

Primary devices protect your CoinJar from intruders who may have been able to access your correct sign in details. Each time you sign in to your CoinJar, you'll be prompted to authenticate using your primary device.

For convenience sake, when signing in from a trusted device, you can select "remember this device for 30 days" so that you don't need to complete authentication each time you wish to access your CoinJar on that device.

A secondary device, if enabled, will be required when you attempt to alter your Enhanced Security settings or make large transfers from your CoinJar. You will typically be prompted whenever making a new payment more than approximately $5,000. This is an added layer of security to protect you against the unlikely event of someone having access to your correct sign in details and your primary device. 

 

Types of Enhanced Security

There are two types of Enhanced Security to choose from:

  • SMS authentication
  • TOTP authentication

With SMS Authentication, you’ll be sent a SMS to your device whenever CoinJar requires authentication. Enter this code into CoinJar and you’re good to go.  SMS delivery can be slow and may be unreliable when travelling abroad, so consider TOTP if you're headed overseas.

TOTP stands for Time-based One-Time Password and can be used on your mobile device with apps such as Google Authenticator and Authy. These apps generate a brand new authentication code every 30 seconds. When CoinJar requires authentication, you simply access your TOTP app and enter the current code displayed. This can be completed anywhere you have an internet connection, so it's great for travelling or if SMS is unreliable for any reason. 

 

Setting up SMS Authentication

  1. After signing in to your CoinJar, select "Settings" from the left hand menu.
  2. Navigate to the Enhanced Security section and select 'Add new device'.
  3. Select 'Configure SMS', enter your mobile number, and choose a name for your device.
  4. Select 'Confirm device'. You'll be sent a SMS to your mobile number with an attached reference number.
  5. Enter the number into the CoinJar website and select 'Complete setup' to add this as your Enhanced Security device.

 

Setting up TOTP Authentication

  1. After signing in to your CoinJar, select "Settings" from the left hand menu.
  2. Navigate to the Enhanced Security section and select 'Add new device'.
  3. Choose 'Configure authenticator app' and choose a name for your device.
  4. Select 'Confirm device'. You'll now be provided with a QR Code on your display, which you can scan into your TOTP app. You can use apps such as Google Authenticator and Authy to complete this step. 
  5. After scanning the QR Code, your Authenticator app will then provide you with a 6-digit verification code.
  6. Enter that into the CoinJar website and select 'Complete setup'to add this as your Enhanced Security device.

 

Removing Enhanced Security

Please refer to our dedicated Knowledge Base article for further instructions on how to remove an Enhanced Security device from your CoinJar.

 

Updated: 7 Jun 2017 (AS)
Reviewed: 7 Jun 2017 (AS)


Not quite the information you're looking for? We've got you covered. Contact Support and we'll get back to you within a couple of hours, however depending on Support request volume during busy periods, response times may be longer, during open hours.

Comments

Powered by Zendesk