If you’re active or planning to be active in the world of cryptocurrencies, you should take good care of your OPSEC. Being sloppy with passwords or sensitive information could get you hacked or make you another casualty of phishing. Most people who lost funds shared their private key or SEED, or used the same passwords too long on too many accounts. In this guide I will explain everything you need to know about security so you can trade, invest or HODL safely in the cryptosphere.
- THINK! Use your head.
When something looks too good to be true it often is. Do not fall for scams promising you easy money. Do not click links to websites you do not trust. Do not open attachments in e-mails you are not sure of.
- Use unique passwords or, better, passphrases
Often people use the same (or a few) passwords for many accounts. Don’t. This is probably the biggest reason why many people get hacked. When large hacks occur and databases containing passwords, e-mail addresses and usernames get published on the internet this is often the first attack vector a hacker uses. Hackers simply search for someone in those databases and see if they can retrieve a (once used) password.
Use passphrases. A passphrase like ‘I really LOVE Turtles!’ is harder to crack than ‘1LIKEToitles’ and is much easier to remember. So if possible use a passphrase instead of a password. Use a unique and hard-to-crack passphrase or randomly generated password for every single account. Keeping track of all these passwords can be hard, hence:
- Use a password manager
A password manager is used to store all account info, passwords and other important credentials in one single place. This might seem risky but if you secure this single place in a correct way it’s a lot safer than securing dozens of accounts in a correct way. Most password managers can also be used to generate random secure passwords.
NEVER store passwords in a plain text file or note somewhere. Also never store passwords in your e-mail account. Password managers are not hard to use and are secure.
You can find loads of password managers you might use. I personally use KeePass because it’s supported on Windows, Linux, MacOS, iOS and Android and because it lets me store my database file (containing all passwords) locally. This database file is of course encrypted.
- Update your software and use antivirus
Software updates can be quite a nuisance but this really is an easy step to make your pc a lot safer. Update your operating system on a regular basis, use antivirus software and keep other software up to date also.
- Don’t leave cryptocurrency on a centralised exchange
Centralised exchanges attract hackers because this is where the money is. Also, you do not control the private keys of your funds on a centralised exchange. Unless you are trading with them, do not leave coins on an exchange but transfer them to your wallet.
- Doublecheck everything when sending a transaction
There is known malware which replaces bitcoin (or other cryptocurrency) addresses with an address owned by someone else. Before sending a transaction always check if the receiving address is correct. If you plan to send a big amount you might consider sending a small test payment first. When sending to an exchange always check that the exchange wallet is not in maintenance. Maintenance can sometimes take several days and you will not be able to access your funds during that time.
- Use two factor authentication (2FA)
If possible always use two factor authentication but do NOT use 2FA with SMS. Use an app like Google Authenticator or Authy, preferably on a phone only used for this purpose. 2FA with SMS is exposed to SIM hijacking as an attack vector: once attackers have your number, your 2FA is breached.
Using 2FA secures your account because the attacker also needs a randomly generated code from a device you own.
- Use a hardware wallet
A hardware wallet like the Ledger or the Trezor stores your private keys for you. You can store, send, receive (and even trade on a DEX like the Waves DEX) all kinds of cryptocurrency using your hardware wallet. Hardware wallets are a very secure way of storing and using cryptocurrency.
- Use multiple e-mail addresses
Using different mail addresses for different accounts can be a good way to prevent a hacker from gaining access to lots of accounts if a mail address gets breached.
- Ditch Internet Explorer and use Firefox or Chrome browsers
Internet Explorer is one of the most commonly used browsers, and that’s why it is often used by hackers as an attack vector. Firefox and Chrome are often faster but also more secure.
- Use adblock extensions for your browser
Adblock does more than stop ads: malware is often injected from a website using ads or scripts. Extensions like uBlock Origin stop these scripts from loading. You can of course opt out websites you wish to show ads for.
- Try avoiding third party wallets or software
Try to avoid installing third party wallets or software on the pc you use as much as possible. Third party wallets have a history of security leaks and malware is often installed along with (seemingly) legit software.
- Certificate (https) errors on websites
When a website is breached this site often shows a certificate error. When you encounter an error like this on a website close it and try again at a later stage. Never submit any information to a website giving certificate errors.
- Encrypt and backup important files and information
If you have important files, do not store them as plain text but encrypt them and store them somewhere safe (BACKUPS!). Lots of free encryption tools can be found within your operating system or on the internet. Software like VeraCrypt is not hard to use but very secure. Also try storing your files in several locations (flash drive, hard drive, etc.).
A paper wallet can be a good way to secure funds long-term if done correctly. Create a wallet on an air-gapped machine (one that has never been connected to the internet), print the keys, store funds on the wallet and store the private keys in a safe place.
- Only use your own pc and network
If you use someone else’s pc, a public network or someone else’s network, you have no way to know if it’s secure. Do not log in to accounts when using them.
- Use Linux instead of Windows
Linux is way more secure as an operating system than Windows is and there are many user-friendly Linux distributions like Ubuntu and Linux Mint. Linux is a great operating system even if you’re not very tech-savvy.
- Use virtual machines for software you’re not sure about
If you’re not sure about software or the source you got it from, you can install and use it in virtual machines by using software like VirtualBox or VMware. This way all other software outside the virtual machine will not be affected.
I’m pretty sure there are more best practices for keeping your funds safe. Have anything to add to this article? Do not hesitate to contact us.