Gemini Raises Security Standards With Web Authentication

Gemini was born in 2015 as a licensed cryptocurrency asset and custodian and it became the first of its kind to clear a SOC 2® Type 1 security protocol. Being a trust company based in New York, Gemini is regulated by the New York State Department of Financial Services and the New York Banking Laws. It is outreached to individuals and institutions alike to help to trade in and store cryptocurrencies easily.

Protecting the crypto network is at the core of the company’s principles. As such, since the start of their journey in the crypto market, they have come up with layers of security features to give the users a completely private and satisfying experience while accessing their Gemini accounts.

As its security-minded initiative, they have introduced a new approach to hardware security keys through web authentication(WebAuthn). This means that the users will now have to go through the two-factor authentication (2FA) method even by using USB security keys, TouchID of Apple and Windows Hello in order to sign into Gemini account.

At Gemini, they are totally inclined towards a secured platform for users. So the web authentication ensures that the sign in is totally backed up in the hardware and cryptographically recorded. Even if the user’s login credentials are known to someone, this will ensure that the process is a two-step verification which will ultimately eliminate chances of forced suspicious attempts.

The two-factor authentication is a mandatory step to login to the Gemini account. For this process, they have integrated the Authy application to generate a seven-digit security code which is generated in the mobile-based app. If not through the app then an SMS of this code can be sent to the mobile. Gemini recommends the use of Authy app for a better security environment especially when the user is withdrawing the cryptocurrency to their bank account.

Gemini added an extra layer of security in sign in, in case there is a website imitating Gemini and asking for all the login credentials. A new device will require email verification on logging in. Gemini’s integration with Authy allows the user to receive notifications whenever there is any action in its Gemini account. The Authy app also notifies irregularities in the user’s computer in events of malware infections.

Gemini has also launched a tool named Withdrawal Address Whitelisting which enables withdrawal of a cryptocurrency from the Gemini account only to certain cryptographic addresses which are approved by the user.

When logged in, Gemini provides the feature of registering hardware security keys to the account, in addition to storing multiple keys. When the user is using multiple keys, it will give the user the liberty to use a specific key and hence skip the two-factor authentication code which is sent on the Authy app or as SMS. However, when the user wants to withdraw into their bank account, then the two-factor authentication code will be required.

Currently, the Gemini mobile application is unable to support web authentication for two-factor authentication as the local support of web authentication is not extended on all mobile devices. Also accepting a security key is not compatible on all iOS and Android devices. As such, when using hardware security keys to sign in to Gemini account, Authy app needs to enable on the device again for the next log in to Gemini Mobile app.

With the integration of features like web authentication via Authy and Withdrawal Address Whitelisting, Gemini moves on to thrive for excellence in its security-first mission in the cryptocurrency market. They are working on improving their standards to make the crypto market more secure and reliable network.