The anatomy of a safe cex login
The typical cex login sequence includes identity verification, device authentication, and session controls. Treat each of these as a gate that must be hardened. Identity verification uses credentials — choose a unique, long password stored in a reputable password manager. Device authentication uses 2FA or hardware tokens to assert control. Session controls include short-lived sessions and clear logout flows.
Two-factor options
TOTP (authenticator apps) offers a good balance of security and convenience. Hardware keys (FIDO2) are strongest against phishing. SMS is weakest — acceptable only when no better option exists and as an interim step. Consider using multiple factors: a passkey for login plus a secondary device for high-value actions.
Minimizing blast radius
Limit API key scope, whitelist withdrawal addresses when available, and use subaccounts for active trading vs long-term storage. By reducing the privileges that each login or key provides, you minimize what an attacker can do even if they obtain valid credentials.
Make reviewing device lists and API keys part of your weekly routine — small checks prevent big problems.