With the current value of Bitcoin soaring against the fiat currencies, it's inevitable that it will attract keen interest from cyber criminals. Don't be lulled into a false sense of security by having your wallet stored at an online exchange.
Whilst many exchanges provide good file and network security on their networks, they are not responsible for the contents of your wallet being stolen should your password be compromised through a phishing attack, or if your login password gets captured by a trojan on your computer/mobile phone.
The best way to secure your wallet is by having two factor authentication set on it.
Whilst the largest Bitcoin exchange, MtGox, provides support for this security model, the documentation provided by MtGox is appalling and two factor authentication could not be implemented by a non-technical computer user.
If you have an online MtGox wallet that you access by means of a home computer, download and install the Google Authenticator app. I'm not a big fan of becoming even more dependent on Google, but this is what is supported by MtGox and will have to do for now, unless you decide to buy a YubiKey, which is a hardware implementation (via a USB key).
1. Download the HTML5 Google Authenticator app here and extract the files into a folder of your choice. Then open index.html in your browser.
You should have a screen looking something like this, with only the default Google alice account. Click the '+' to create a MtGox account and enter the PRIVATE Key here that you create at the MtGox site. Log in to MtGox now to create this PRIVATE KEY.
2. Creating your Private Key. Log into your MtGox account and go to the Security Centre.
Click on the 'Add New' New Software Authentication System. This will bring up the screen shown below.
Print and save this in a safe place! Take a screen shot of it, as you will need to know and keep hold of your Secure Private Key for future reference. Do not lose it!
3. Now enter this PRIVATE Key into the place requesting it in the Google Authenticator. You should then have your OTP (one time password, aka passcode) appear for the MtGox account in Google Authenticator, and it changes every 30s.
4. Copy the OTP (also called the Code on the MtGox site) from the Google Authenticator and enter it into the 4th field at the bottom called 'Code'. Then click on the 'Save' button.
5. Applying the Security.
Go back to the MtGox Security Centre. When you created the Private Key using the New Software Authentication System, the first entry created was the Auth Name. This was done automatically. In the screen above it is OTP#5059.
You can apply your OTP to the Login, Withdrawal and Security Centre.
Apply it to both the Withdrawals and Security Centre as shown in the screen shot below. Why link this Google Authentication to the Security Centre? This is so that if someone does gain access to your email account they won't be able to reset/remove the security on your Withdrawals and thus steal your Bitcoins and other funds.
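The OTP in steps 3 and 4 is a time-based one-time password (TOTP, RFC 6238), which is what Google Authenticator derives from the Private Key and the current time. The Python below is an added example, not code from MtGox or from the authenticator app: `SAMPLE_KEY` is the published RFC test key rather than a real account secret, and `verify()` with its drift window is an assumption about how a site would check the submitted Code.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30     # seconds per code, matching the 30s refresh described above
DIGITS = 6    # length of the code typed into the 'Code' field

# Constructed sample: the published RFC 4226/6238 test key, base32-encoded
# the way an authenticator app expects. Not a real account secret.
SAMPLE_KEY = base64.b32encode(b"12345678901234567890").decode()


def decode_key(key_b32):
    """Decode a key as a user types it: spaces, lower case, no padding."""
    cleaned = key_b32.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def totp(key_b32, at=None):
    """Return the 6-digit code for the 30s step containing time `at`."""
    now = time.time() if at is None else at
    counter = max(0, int(now // STEP))
    mac = hmac.new(decode_key(key_b32), struct.pack(">Q", counter),
                   hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(key_b32, code, at=None, window=1):
    """Server-side check (assumed): accept +/- `window` steps of clock drift."""
    now = time.time() if at is None else at
    submitted = code.strip().encode()
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(key_b32, now + drift * STEP).encode()
        ok |= hmac.compare_digest(expected, submitted)   # constant-time
    return ok


if __name__ == "__main__":
    print("key :", SAMPLE_KEY)
    print("code:", totp(SAMPLE_KEY), "valid for",
          STEP - int(time.time()) % STEP, "more seconds")
```

The code depends only on the key and the clock, so anyone holding the Private Key can produce valid codes; store the printed copy as carefully as the password itself.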