Hello @funky13, just to follow up here, I have a couple of additional items I can share:
1. We are contracted with a 3rd party that performs monthly vulnerability assessment and penetration tests. This has been in place as long as Auto Trade has been live and will continue. We also are required to provide these reports to some of the service providers we use. This helps keep our security in check.
2. Regarding 2FA, we have had that option available since September of 2018 here: https://crypto-ml.com/two-factor-authentication/
3. Regarding storing the API keys locally, it is the consensus that our approach is much more secure (not that anything will ever be perfect). We do store this data on a secure web service (separate from other data) that has very explicit access controls.
With all of that said, security is a big deal and we will continuously review and employ best practices.
But above all–if you have API credentials on our platform–please:
– Enable 2FA
– Ensure that API does *not* have Transfer capabilities