Security/Account Security

Identity Verification

Strong Passwords

To effectively protect user accounts, KuCoin enforces strong password requirements. Your password must include an uppercase letter, a lowercase letter, a number, and be between 10 to 32 characters long.

Supported Multi-Factor Authentication (MFA) Methods: Google 2FA, Text Message Verification, Email Links, Biometric Authentication

Multi-Factor Authentication (MFA) is a simple and effective measure that adds an extra layer of protection. When MFA is enabled, you perform a second type of verification in addition to entering your username and password. KuCoin uses several MFA methods, including email verification codes, text message codes, and Google Authenticator. Additionally, our app offers biometric authentication options, such as fingerprint and facial recognition, to verify your identity quickly and securely. If the system security detects significant anomalies in the device and IP address used to log into your account, or if it deems your recent action to be of risk to your account security, email links will be used to further reinforce verification. This helps prevent account breaches from phishing attacks, telecom frauds, and various other threats.

CAPTCHA: Preventing Brute-Force Attacks on Your Password

Smart CAPTCHA verifications use challenges to authenticate human identity. This helps to guard against spambots and password cracking attempts. Users are required to complete a simple test to prove that they are not a computer trying to hack into a password-protected account. The smart CAPTCHA system adjusts the difficulty of the tests based on the user's login environment, ensuring effective bot detection while minimizing inconvenience to the user.

Real-Time Alerts for Changes to Security Settings

When users modify their security settings, KuCoin's security system evaluates account safety based on the current login environment and user history. If necessary, customer support may intervene, requiring additional verification to ensure account security.

Managing Device IDs

A device ID is a unique identifier generated from the hardware, network, and environment characteristics of your internet device. This identifier effectively detects emulators, multiple device instances, and tampering. KuCoin assigns this identifier to each device, and marking a device as trusted reduces the login steps for a smoother experience. Additionally, KuCoin uses device IDs to identify and block suspicious devices, preventing unauthorized access and protecting your account from breaches.

Anti-Phishing Measures

Anti-Phishing Code

An anti-phishing code helps prevent phishing attacks. This code can be set up in your email, login, and withdrawal settings. By checking if the code is displayed during login, the site may be phishing. If you suspect a phishing site, exit immediately and update your security settings to keep your account safe.

Anti-Phishing Strategies for Multiple Scenarios

KuCoin's account security system consists of two parts: verification and risk control. Our risk control protocol deploys anti-phishing strategies for multiple scenarios such as logins, withdrawals, and for changes in security settings. It evaluates user devices, IP addresses, and past behavior to assess potential risks. If a risk is detected, additional verification steps are initiated based on the specific scenario to keep accounts safe.

Device Security

Malicious Plugin Detection

KuCoin analyzes the unique identifiers extracted from browser plugins injected into the official website. This helps to detect malicious and unofficial plugins, and preserve the safety of user assets.

Device Integrity Checks

On iOS and Android, the app ensures your security by checking if the device is rooted, jailbroken, running the official app version, or being debugged by other programs. This helps keep the mobile app safe and secure.

Privacy Protection

KuCoin values user privacy and is committed to protecting your personal information. For more details, please refer to our Privacy Policy.