Best Practices for Securing Your Gemini Account
Security has been a pillar of Gemini since our inception. Our security-first mentality is baked into all of our products, serving as a true differentiator in the cryptocurrency industry. Our industry-leading SOC 2 Type 1 security compliance demonstrates our commitment to security and building trust in cryptocurrency as an asset class — trust is our product.
Empowering Gemini customers is also important. We recently released a self-service tool, Withdrawal Address Whitelisting, that gives our customers an additional layer of protection on their Gemini accounts. Whitelisting lets customers either (i) block all withdrawals from their account, or (ii) restrict withdrawals to specific, pre-approved addresses.
As we continue to upgrade this whitelisting feature and other account-level security options, below are additional security recommendations — including details on whitelisting, passwords, and best practices for managing your Gemini account and digital assets more broadly.
PASSWORDS & ACCOUNT ACCESS
The strongest passwords are long, random, and unique to each account, which makes them impractical to guess. Always use strong passwords to secure your desktop and laptop devices as well as your Gemini account. Never write passwords down; use a password manager instead.
Use your password manager's built-in generator to create a unique, complex password for every site that requires credentials. It is far easier to remember one strong master password (the one for the password manager itself) and let the manager fill in, or copy and paste, the stored password for each website you use, including Gemini.
Always remember that Gemini will never contact you asking for your passwords, PINs, or password-manager information. If you ever receive an email requesting such information, please forward it to us at firstname.lastname@example.org.
If you use the Gemini mobile app, we recommend securing it with biometric authentication via Touch ID or Face ID for every login. As a fallback, use a PIN you can remember without writing it down.
TWO-FACTOR AUTHENTICATION (2FA)
During account setup, we require every user to enable two-factor authentication. Each login then proves possession of two of the three recognized authentication factors: (1) something you have (like a mobile device or hardware token), (2) something you know (like a password or PIN), and (3) something you are (a biometric such as your fingerprint or face).
Gemini's 2FA method is Authy, a commercial application which you can download to your mobile device or desktop computer here. SMS verification is also available, but Authy is more secure: a code generated on your own device cannot be intercepted through a SIM-swap or SMS-forwarding attack the way a text message can. For the highest level of security, we also recommend disabling the multi-device option in your Authy app settings, so that no other device can be enrolled to generate codes for your logins.
In the event you have a new phone or phone number, you may temporarily lose access to Authy 2FA. You can resolve any 2FA lockout using the instructions here.
As you continue your Gemini account setup, you’ll link bank accounts to use as U.S. dollar funding sources for trading. The accounts you connect should be secured by strong passwords, ideally stored in a password manager.
Always practice situational awareness with your Gemini account: never give out personally identifiable information to untrusted parties, never allow remote access to your computer, and remember that Gemini's primary support channel is email, not phone. (Our support team only calls customers in special cases, after coordinating a date and time via email.) When accessing the Gemini website, only use the URLs https://gemini.com or https://exchange.gemini.com/signin, and check that the address bar shows exactly one of those hosts before entering credentials.
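The two URLs named above are the whole allowlist, and the check that matters is an exact match on the parsed hostname, not "does the link contain gemini.com". The following added example (not Gemini's code) shows that check over a set of constructed sample links covering the usual phishing tricks: the trusted name used as a subdomain of an attacker's host, placed in the userinfo part before an @, buried in the path, downgraded to http, or spelled with a punycode or non-ASCII lookalike. The sample links are made up for illustration and the helper names are the example's own.

```python
from urllib.parse import urlsplit

# The only two sign-in hosts named on this page; anything else is treated as untrusted.
TRUSTED_HOSTS = frozenset({"gemini.com", "exchange.gemini.com"})


def is_trusted_gemini_url(url: str) -> bool:
    """Return True only for an https URL whose hostname is exactly one of TRUSTED_HOSTS.

    A substring test ("gemini.com" in url) would accept gemini.com.evil.example and
    https://gemini.com@evil.example; comparing the parsed hostname exactly does not.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # e.g. a malformed IPv6 literal in the authority
        return False
    if parts.scheme.lower() != "https":
        return False
    host = parts.hostname  # already lowercased, with userinfo and port stripped
    if not host:
        return False
    # The real hosts are plain ASCII: reject raw non-ASCII labels and punycode (xn--) lookalikes.
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return False
    return host in TRUSTED_HOSTS


def classify(urls):
    """Map each candidate URL to its verdict; useful for triaging links pulled out of an email."""
    return {u: is_trusted_gemini_url(u) for u in urls}


# Constructed sample links (not real sites) covering the common tricks.
SAMPLE_LINKS = [
    "https://gemini.com",
    "https://exchange.gemini.com/signin",
    "https://Exchange.GEMINI.com:443/signin?next=/trade",  # case and explicit port are harmless
    "http://gemini.com",                                   # downgraded scheme
    "https://gemini.com.evil.example/signin",              # trusted name as attacker's subdomain
    "https://gemini.com@evil.example/signin",              # trusted name in the userinfo part
    "https://evil.example/gemini.com/signin",              # trusted name in the path
    "https://xn--gmini-8qa.com/signin",                    # punycode lookalike
    "https://gemіni.com/signin",                           # Cyrillic "і" in place of Latin "i"
]

if __name__ == "__main__":
    for link, ok in classify(SAMPLE_LINKS).items():
        print(("TRUSTED   " if ok else "UNTRUSTED ") + link)
```

Browsers apply the same idea when they display the effective hostname in bold in the address bar; the habit to build is reading that hostname, not the rest of the URL.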
Once you deposit funds and start trading, review the Transaction History in your account settings regularly. If you ever suspect suspicious activity, please report it to us immediately at email@example.com or firstname.lastname@example.org.