IS ZBX REGULATED?
ZBX is a regulation-ready exchange following the Maltese regulatory framework. Once the final Maltese regulations take effect, ZBX will apply for and acquire a formal license to become fully regulated.
2-FACTOR AUTHENTICATION (2FA) FAQ
What is 2-factor authentication (2FA)?
Two-factor authentication (2FA), also known as 2-step verification, is a security layer in addition to your username and password. With 2FA enabled on your account, you will have to provide your password (first “factor”) and your 2FA code (second “factor”) when signing in to your account. 2FA codes are associated with a specific device (such as your phone) or your phone number.
What is TOTP?
Time-based One-Time Password (TOTP) is currently the most secure 2FA method recommended by ZBX. TOTP is an algorithm that generates a code based on the current time and a secret key known only to you and the online service (ZBX). The act of sharing this secret key is safe from man-in-the-middle attacks, as no communication happens over the internet. ZBX shows you a QR code, which is a representation of the secret key, and you scan it using an authenticator app on your mobile device. Google Authenticator and several other authenticator apps allow you to generate TOTP codes using your mobile device or computer.
HOW DO I SET UP 2-FACTOR AUTHENTICATION?
ZBX provides two options for generating 2-factor authentication (2FA) codes: SMS and Google Authenticator.
SMS/text code sent to your phone, which is verified during your account registration.
Google Authenticator (Recommended)
Google Authenticator or similar authenticator apps provide the most secure configuration for 2FA. These do not require phone reception or internet access once set up. Authenticator is not associated with your phone number (although we do require a phone number to be registered to buy or sell digital currency), so it is not susceptible to phone number porting attacks.
HOW CAN I MAKE MY ACCOUNT MORE SECURE?
While ZBX takes extensive security measures to ensure your account is as safe as possible, there are some additional steps that we strongly recommend you take to help protect your account from unauthorized access. We also have account types specifically designed for protecting your funds.
ZBX staff will never ask for your password, 2-factor authentication codes, or other login credentials. We will never ask you to install remote login or remote support software on your computer.
Fake customer service numbers and pages are on the increase — please be careful to verify any information you find via forums, social media and Google adverts.
If anyone claiming to be associated with ZBX Support requests this information, contact us immediately.
Use a complex and unique password that is not shared with, or similar to, those used on any other websites. These guidelines provide some information about what makes a strong password. It's also a good idea to change your password periodically (about every 3 months) and use a completely new password each time. Using a password manager such as 1Password or LastPass makes this easy to manage.
Also, never disclose your password to anyone. A ZBX employee will NEVER ask for your password.
Take advantage of the 2-factor authentication (2FA) services we offer, either an extra SMS login code, or a TOTP app like Google Authenticator. This can be enabled on your Security page by adding Authenticator or a phone number. You can also enable 2-factor authentication codes when sending as an extra security measure.
TOTP apps are considerably more secure than SMS for 2FA codes, since they are tied to a specific physical device, not a phone number, which could be compromised in a phone porting attack.
If your email provider offers this functionality, consider adding 2FA to the email address you use to log in to ZBX. Do not use VoIP, Google Voice, or other phone providers that send you 2FA messages via email to the address you use to log in to ZBX.
If you use SMS 2FA codes, call your mobile provider and add additional protections to your account. For example, request a PIN or password for your account, ask for a port freeze and SIM lock (so attackers can’t move your phone number to a new carrier). If your carrier doesn’t support these added protections, consider changing to a carrier that does.
Your email address is one of the most important connections between you and your ZBX account. Make sure it is secure. You can check here whether your email address has ever been compromised in a third-party data breach. If so, create a new email address to use with your ZBX account. You can update the email address here.
Do not use the same password on your email account that you do on your ZBX account. If your email provider offers it, activate 2-factor authentication (2FA) on your email account to add an extra layer of security.
Be aware of Phishing
Be on the lookout for emails pretending to be from ZBX (you may have heard this called “phishing”). This is the most common way customers are compromised. Bookmark important websites (ZBX, email, banks, etc.) and only visit those sites from those bookmarks. Avoid clicking links or opening attachments in emails. ZBX will never ask for your password, 2FA codes or remote access to your computer.
You can check the IP login activity and verified devices on your account at any time by signing in and visiting the “Security->Login History” section under the ACCOUNT tab.