30 Security Best Practices for Crypto Owners
Random Observation/Comment #712: Don’t get rekt! Secure your shitcoins!
Why this list?
The Internet was fairly low stakes when the worst case scenario of a social media account hack was a few chain letter DMs. With Crypto and DeFi exponentially growing, there could be substantial money on the line. Remember to protect yourself and make sure you follow these practices for even the non-crypto world of digital security.
By the way, this is an excellent exercise to walk through with your parents and loved ones because even though you might be super paranoid and take precautions, your whole family and friends can be targets.
General Digital Security Tips – Do this even for your non-crypto accounts
Use a password manager!!! Pay for it. It’s totally worth it. Get a family plan. Teach people how to use it. Implement it into your routine so you’re not managing a notebook of multiple passwords.
Never share your password or answer questions that might give tips for your password anywhere
Writing your primary password down is a good idea (in crypto, we call this a paper wallet), but create a secret code or encryption rather than directly writing down the password
If you use a password manager, you’ll only need to memorize one password! – Is this centralized risk? Yes, but you can protect the single vector in more ways. If needed, segregate password managers.
Length of password beats any combination of letters and symbols – You can enter spaces in passwords. Consider passphrases or combination of common words. I’m talking 42+ characters because rainbow tables have already solved the first 16 character combinations.
Create multiple email addresses and accounts. Specifically a separate email address that deals with money or connects to your bank. Do not use this email address for experimentation on new start up sites or your social networks. New email addresses are free, so make as many as you want.
Use a 2-Factor-Authentication (2FA) for any apps that give you the option. Don’t trust apps that deal with money that don’t provide some level of 2FA.
To prevent a sim swap/number porting, call your telephone service provider and tell them to never allow for number porting
Do not randomly download or click on random ads on your computer or phone – This opens up opportunities for hackers to install malware
Keep your devices and apps updated! The security updates are essential for your computers, phones, browsers, and apps.
Do not click on any links from random texts or respond to any texts from someone you don’t know. Also don’t pick up phone calls from numbers you don’t know. I literally block everything.
Don’t join insecure WiFi like at McDonald’s, Starbucks or airports. If you must, definitely use a VPN.
Use a VPN if you’re paranoid. It doesn’t hurt. I use one when I’m working in the crypto space.
For your phone, set up turn off screen within 5-10 seconds of inactivity with security unlock – Put in the habit of forcing a security code and avoid just leaving an unlocked phone lying around.
Do not save any caches or make sure to clear them. I am specifically paranoid about clipboards and keyboard caches.
If you’re super paranoid, buy a burner phone or tablet. You can use a different account for logging into them.
Crypto-specific for non-custodial wallets like MetaMask
Protect your seed phrase! Write it down as a paper wallet and then secure it!
For paper wallet security, consider splitting up the phrases or creating some encryption mechanism like for your password manager master password.
Specifically, do not take a picture or your seed phrases, copy it into your notes app, or email yourself copies or phrases. The reason to avoid doing this is creating central points of compromise. Segregating accounts means that a breach in one area doesn’t jeopardize other accounts.
Use a cold storage option like ledger nano, trezor, etc
Don’t create accounts on shady exchanges. I’d trust Coinbase, Gemini, Kraken, and Binance, but everything else has a risk of getting hacked or running away with your money.
Create multiple accounts on MetaMask. Don’t keep too much money you’re willing to lose on these accounts.
Never share your private key. Ever. Never ever.
Don’t just sign everything on random apps. This especially applies to activity on testnet.
Don’t use a MetaMask account with a large token portfolio to join random sites. Even cryptovoxels or decentraland. Keep it segregated and separated.
Consider a social recovery process like Argent
Consider creating a Gnosis safe multi sig wallet if you’re paranoid and want to protect your nest egg
If you don’t trust yourself, work with a trusted institutional custodian
If you don’t want hackers tracing you, you can try an exchange for washing funds. Exchanges don’t store tokens directly in your address, but rather in risk managed separate wallets
For those who want to take it to the next level, buy a separate Chromebook or reinstalled Linux build that acts as your air-gapped dedicated device to your crypto-related activities. I always chuckle when thinking about this because it’s like the old depictions of drug deals with dedicated metal briefcases that activate fund transfers.
~See Lemons Be Secure
Originally published on seelemons.com