- Security Checkup: A Full Health Examination for Your Account
- How to Use the Security Checkup Feature
- Understanding the Security Score
- From Low Score to Full Score: A Step-by-Step Hardening Guide
- Regular Security Checkup Checklist
- Common Security Configuration Errors
- Limitations of the Security Checkup Feature
- Security Level and Asset Protection Recommendations
- Summary
Security Checkup: A Full Health Examination for Your Account
When you go for a medical checkup, the doctor reviews your indicators one by one — which are normal, which need attention, which need immediate treatment — all laid out clearly at a glance. The Binance APP's security checkup feature does exactly the same thing: it scans your account's security configuration, lists what has been set up correctly and what vulnerabilities remain, and gives you an overall security score.
As someone who performs a monthly security self-check, I find that many users are not fully aware of their account's security status. They may have enabled Google Authenticator but forgotten to set up a withdrawal whitelist, or linked a phone number but not configured an anti-phishing code. The security checkup feature helps you find these "missed items."
How to Use the Security Checkup Feature
Accessing Security Checkup
- Open the Binance APP
- Tap the profile icon in the top-left corner → "Security"
- At the top of the Security settings page, there is usually a security score or security checkup entry point
- Tap to enter the security checkup page
What the Security Checkup Covers
The security checkup feature typically evaluates the following areas:
1. Identity Verification Status
- Whether KYC verification is complete
- Verification level (Basic / Advanced)
2. Login Security
- Password strength assessment
- Whether two-factor authentication (Google Authenticator) is enabled
- Whether a phone number is linked
- Whether an email address is linked
- Whether biometric login is configured
3. Fund Security
- Whether the withdrawal whitelist is enabled
- Whether an anti-phishing code is set
- Whether there are active API keys (and a check of their permissions)
4. Device Security
- Number of currently logged-in devices
- Whether any abnormal devices are present
- Number of trusted devices
5. Advanced Security
- Whether a hardware security key is linked
- Whether auto-lock is configured
- Session timeout settings
Understanding the Security Score
Score Levels
Binance's security score is typically displayed as a percentage or a rating level:
| Score Range | Security Level | Meaning |
|---|---|---|
| 90–100% | Excellent | Comprehensive security configuration, extremely low risk |
| 70–89% | Good | Core security is configured, small room for improvement |
| 50–69% | Medium | Obvious security vulnerabilities exist |
| 30–49% | Poor | Multiple critical security measures missing |
| 0–29% | Dangerous | Account has almost no security protection |
Approximate Weighting of Security Measures
Based on my observations, the approximate weight of different security measures in the score is:
- Password: A baseline requirement — must be met
- Email binding: High weight
- Phone number binding: High weight
- Google Authenticator: Highest weight
- KYC verification: Medium weight
- Withdrawal whitelist: High weight
- Anti-phishing code: Medium weight
- Hardware security key: Bonus points
From Low Score to Full Score: A Step-by-Step Hardening Guide
If your security score is unsatisfactory, work through the following in priority order:
First Priority: Core Security (Highest Impact)
1. Enable Google Authenticator
If you only do one thing, do this. Google Authenticator offers the best security-to-effort ratio.
Time required: 3 minutes
- Download Google Authenticator
- Scan the QR code to bind it in Binance's security settings
- Write down the backup key by hand
2. Link Phone Number and Email
Make sure both are linked and able to receive verification codes normally.
Time required: 5 minutes
3. Set a Strong Password
If your password is shorter than 16 characters or is reused across multiple platforms, change it immediately.
Time required: 3 minutes
Second Priority: Fund Security (Prevent Asset Loss)
4. Enable the Withdrawal Whitelist
Restricting withdrawals to pre-approved addresses is the single most effective way to prevent asset theft.
Time required: 5 minutes (+ 24-hour cooling period)
5. Set an Anti-Phishing Code
One minute to set up, a lifetime of benefit. Makes phishing emails easy to identify.
Time required: 1 minute
Third Priority: Usage Security (Day-to-Day Protection)
6. Enable Biometric Login
Fingerprint / facial recognition — convenient and secure.
Time required: 1 minute
7. Set Up Auto-Lock
Prevents others from operating the APP when you are not looking.
Time required: 1 minute
8. Enable Security Notifications
Ensures you know about any abnormal activity the moment it happens.
Time required: 2 minutes
Fourth Priority: Advanced Security (Enhanced Protection)
9. Complete KYC Verification
In addition to unlocking higher limits, KYC is also an important credential for account recovery.
Time required: 5–10 minutes
10. Configure a Hardware Security Key
If you have significant assets, a YubiKey is the ultimate security guarantee.
Time required: 10 minutes (+ device purchase time)
Regular Security Checkup Checklist
I recommend performing a security self-check every month. Here is the checklist I use:
Monthly Check
- [ ] Is the security score still at full marks?
- [ ] Are there any unfamiliar devices in the logged-in device list?
- [ ] Are all API keys still in use? Are their permissions appropriate?
- [ ] Do the addresses in the withdrawal whitelist need updating?
- [ ] Are there any abnormal records in the account activity log?
Quarterly Check
- [ ] Does the password need to be changed?
- [ ] Can the Google Authenticator backup key still be located?
- [ ] Are the linked email and phone number still usable?
- [ ] Does the anti-phishing code need to be rotated?
- [ ] Are security notifications being received normally?
Annual Check
- [ ] Does KYC verification information need updating?
- [ ] Is there a need to upgrade security measures (e.g., add a hardware key)?
- [ ] Is the information in the password manager complete and up to date?
- [ ] Is the backup plan still effective?
Common Security Configuration Errors
Error 1: Only Enabled Google Authenticator, Not the Withdrawal Whitelist
Google Authenticator protects login and operation verification, but if the authenticator itself is bypassed (however low the probability), the withdrawal whitelist is the last line of defense. Without it, there is nothing to fall back on.
Error 2: Set a Strong Password but Reused It Across Platforms
A data breach on one platform creates a chain reaction for all accounts using the same password.
Error 3: Enabled Security Notifications but Not Checking Them Promptly
The value of security notifications lies in "timely response." If you habitually ignore notifications, it is as if they were not enabled.
Error 4: Linked Email but the Email Itself Has No Security Protection
The security ceiling of your Binance account equals that of your weakest verification channel. If your email has no two-step verification, an attacker can reset your Binance password simply by compromising the email.
Error 5: Created API Keys with Excessive Permissions
Many users enable all permissions when creating API keys for convenience. The correct approach is to grant only the minimum permissions necessary.
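The least-privilege rule in Error 5, and the monthly "are their permissions appropriate?" check, can be scripted. The following is an added example, not code from this article or from Binance: the flag names are assumed to match the response of Binance's GET /sapi/v1/account/apiRestrictions endpoint (verify against the current API documentation), and both sample keys are constructed.

```python
# Added example: least-privilege audit of one exchange API key.
# Assumption: flag names follow Binance's
# GET /sapi/v1/account/apiRestrictions response; check current docs.

# Flags that let a key move funds or open positions, highest impact first.
RISKY_FLAGS = (
    "enableWithdrawals",
    "enableInternalTransfer",
    "permitsUniversalTransfer",
    "enableSpotAndMarginTrading",
    "enableMargin",
    "enableFutures",
)


def audit_key(restrictions, needed):
    """Return findings for one key.

    restrictions: dict of boolean flags describing the key.
    needed: set of flag names the key's purpose actually requires.
    """
    findings = []
    for flag in RISKY_FLAGS:
        if restrictions.get(flag, False) and flag not in needed:
            findings.append(f"excess permission: {flag}")
    # A key that can do more than read should be pinned to known IPs.
    can_act = any(restrictions.get(f, False) for f in RISKY_FLAGS)
    if can_act and not restrictions.get("ipRestrict", False):
        findings.append("no IP restriction on a key that can trade or move funds")
    return findings


# Constructed sample: a key created with extra permissions for a read-only
# portfolio tracker, next to the same key after tightening.
OVERBROAD = {
    "ipRestrict": False, "enableReading": True,
    "enableSpotAndMarginTrading": True, "enableWithdrawals": True,
    "enableInternalTransfer": False, "permitsUniversalTransfer": False,
    "enableMargin": False, "enableFutures": False,
}
TIGHTENED = dict(OVERBROAD, enableSpotAndMarginTrading=False,
                 enableWithdrawals=False)

if __name__ == "__main__":
    for name, key in (("overbroad", OVERBROAD), ("tightened", TIGHTENED)):
        print(name, audit_key(key, needed={"enableReading"}) or "ok")
```

An empty result means the key holds nothing beyond what its stated purpose needs; any finding is a permission to switch off or a key to delete.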
Limitations of the Security Checkup Feature
While the security checkup is very useful, there are aspects it cannot detect:
- Whether your password has been leaked on other platforms: Requires an external tool like Have I Been Pwned
- Whether your phone or computer is infected with malware: Requires antivirus software
- Whether your SIM card is at risk of being hijacked: Requires contacting your carrier
- Whether your email has been compromised: Requires checking the email account's own security
- Your security awareness and operational habits: Technical measures cannot fully replace security mindset
Security Level and Asset Protection Recommendations
| Asset Size | Recommended Security Level | Essential Measures |
|---|---|---|
| < 100 USDT | Medium is sufficient | Password + Google Authenticator |
| 100–1,000 USDT | Good | + Withdrawal whitelist + anti-phishing code |
| 1,000–10,000 USDT | Excellent | + All security features |
| > 10,000 USDT | Full marks | + Hardware security key + cold wallet storage |
For large asset amounts, in addition to exchange security settings, it is also recommended to move the majority of assets to a cold wallet (such as a Ledger or Trezor) for safekeeping, keeping only the amount needed for daily trading on the exchange.
Summary
The security checkup feature is Binance's one-stop security assessment tool. Through it, you can clearly see where your security weaknesses are and address them one by one in priority order. Remember, security is not a one-time task — it is an ongoing maintenance process. Spending 10 minutes each month on a security self-check is far easier and more economical than trying to fix things after an incident. Open the security checkup now and see how you score.