A beginners guide to keeping your crypto safe

Cyber security is hardly a sexy topic, and is easy to overlook, but the last thing you want to do as a crypto investor is watch all your money disappear because you were careless about keeping it safe.

The decentralised, unregulated and anonymous nature of cryptos means that it’s essentially impossible to track them down if they go missing or are stolen.

There’s no central company that will reset your password for you if you forget it.

There is no customer service centre to complain to when something goes wrong.

And there is certainly no authority to track down hackers that have gained access to your account and stolen your funds.

Keeping your cryptos safe can seem daunting, especially for beginners. However there are a number of easy steps you can take to ensure you stay in control of all your magical internet money.

The list below is non-exhaustive, and is in no particular order (and if you couldn’t guess, in no way constitutes legal or investing advice), so please continue to do your own research, and never get complacent with keeping your crypto safe.

Remove your personal details from public places on the internet

This should be pretty straightforward in this day and age, but a lot of people I speak to still don’t take online privacy particularly seriously.

We’re seeing more and more frequent invasions of our online privacy by hackers and large (supposedly law-abiding) companies alike, so the best strategy to stay clear of these is to just not have any of your personal information listed publicly online.

Hackers can use your phone number, email address and other personal information like your date of birth, where you live and work, and who you have close relationships with to socially engineer their way into your accounts.

If it’s impossible for you to hide or remove your personal email from public sites, make a new one and use this to open your crypto accounts, so at least this is more difficult for attackers to find.

If your phone number is public and there’s no way you can take it down (I’d hate to imagine the amount of spam you get if it is), then call your mobile carrier and ask for increased security on your account. More on this below.

In summary, the less of this information you publish online, the less of a chance you have of having it stolen and used against you.

Boost the account security on your phone plan

There have been plenty of documented cases where attackers, using social engineering, gain control of people’s SIM cards, and then reset the password to that person’s email address.

Once this is done and the attacker has access to the user’s email, they can reset passwords to any associated account, and it’s open season for that person’s crypto assets.

Don’t let this happen to you. Call up your phone provider and ask them to increase the security on your account for over-the-phone customer service. If somebody calls up pretending to be you, they should need more information than just your name and birthdate in order to to ruin your life.

Use a secure, offline wallet

One of the first ways people come to hear about Bitcoin and crypto in general is through massive hacks and security breaches, which inevitably decreases people’s confidence in these technologies.

Despite these hacks, it’s actually almost impossible to hack Bitcoin and some of the other well established cryptos.

Almost every hack that occurs in the crypto space involves hacking an exchange or users’ wallets to steal funds.

These centralised systems are inherently less secure than the crypto protocol itself, and are therefore a massive honeypot for attackers, who will go to extraordinary lengths to hack these systems and steal any cryptos available.

A primer on wallets:

If you want a quick breakdown of what crypto wallets are and how they work, read on. If you’re good with crypto wallets, skip this section. More on wallets here.

If you hold your cryptos in an online exchange, you technically own them, but don’t actually have full control over them.

You only have ultimate control if you hold them in your own private wallet, so if the exchange gets compromised, say goodbye to your hard earned cryptos.

It’s much safer to hold your cryptos in a wallet you control, but this also comes with security risks.

Not all wallets are created equal, and for various reasons, some are much more secure than others. Crypto wallets are generally categorised as online (software) wallets, such as phone and desktop apps, and offline (hardware) wallets, like USB-style storage and paper storage.

The rule of thumb with wallets is that the less connected to the internet a wallet is, the harder it is for an attacker to access your cryptos.

Therefore an offline wallet like the Ledger Nano S or Trezor that stores your wallet keys behind a number of layers of security is the best way to keep your cryptos safe

It’s fine to store a small amount of crypto on exchanges and online wallets in order to make small transactions or to trade. However, far and away the safest place to store the majority of your cryptos is in an offline wallet like Ledger Nano S, Trezor, or (if you’re game) on a paper wallet.

These systems aren’t completely foolproof; you can still physically lose them, meaning you could lose access to your cryptos if you don’t have backups, or fall victim to phishing sites.

However, because cold wallets are never connected to the internet, the probability that they will get hacked is astronomically lower than an online equivalent.

Use two-factor authentication (2FA) for all your accounts

Two-factor authentication is essentially the process of verifying your identity by two methods when attempting to log in to an online account. Most often, a 6-digit code will be generated and sent it to you via an SMS, or generated by an authenticator app, that you then need to put into the account you’re trying to log in to.

Using 2FA ensures that even if your account password is hacked, the attacker still needs access to the device that is receiving the secondary code, and without it their attempts will be unsuccessful.

Enabling SMS 2FA is better than nothing, but it isn’t strongly advised, as attackers may be able to gain access to your mobile number by calling your phone provider and switching SIM cards. Using 2FA through an app like Google Authenticator (iOS) (Android) or LastPass Authenticator is the gold standard for 2FA.

Most (hopefully all) good exchanges and wallets will give you the option of using 2FA, but it’s generally up to you to switch it on. Jump into the settings page of the exchange(s) you use, enable 2FA, and level up your crypto security.

Don’t boast about your holdings (or talk about it at all) online

This should be a no-brainer, but it’s worth stating just for the record. Never ever ever ever EVER talk in a public forum online (Facebook, Twitter, Slack etc) about how much crypto you have.

End of story.

It’s best to not even mention that you have any cryptos to begin with.

Believe it or not, some bad people hang out on the internet, and if one of them sees you bragging about the Lambo you’re about to go and buy with your mad crypto gains, chances are that those sweet sweet coins will be gone before you reach the dealership.

I’m not saying that this is guaranteed to happen, but the easiest crypto security strategy is to go unnoticed.

If nobody knows you own crypto, nobody can steal what you have.

Shouting online about how much crypto you have is probably not the best way to stay unseen.

Please just keep your crypto holdings to yourself.

Use a password manager and strong passwords

Password managers are fantastic. No more repeating the same 8-letter password with one capital letter and one number for every site you sign up to.

Services like LastPass or 1Password will remember the passwords for every site you log in to, and even help you generate strong, secure passwords for all these accounts.

With state-of-the-art security and encryption, as well as a strong master password securing your account with two-factor authentication, using a password manager is an incredibly easy and secure way to manage your passwords across browsers and even devices.

Set passwords for your phone and computer

This one sounds kind of stupid and self-explanatory, but it’s easy to forget. If you’ve logged into an exchange and left your computer open and walked away, or lost your phone with mobile wallet apps installed and no password protection, it’s incredibly easy for an attacker who knows what they’re doing to steal everything you own.

It’s bad enough to lose your phone or computer, but it would be devastating if it was compounded by all your crypto disappearing soon afterwards.

Protect your devices with passwords, so if the unthinkable does happen, at least your cryptos and all your personal information stays safe.

If you’re new to the crypto space, it can be difficult to wrap your head around why all this security is necessary, and what you should be doing about it.

However it isn’t too difficult to make yourself more secure than 90% of people currently in the crypto space, and incredibly difficult to hack, with just a few small changes.

Following the steps outlined above won’t make you crypto invincible, but it will give you every chance to keep hold of your precious coins, and won’t reduce you to being the victim of a malicious hack like so many before.

This post was originally published on Medium by Jack Dossman in October 2018.

Originally published at www.cryptobeginners.info.

Related Stories


Common crypto scams and how to avoid them

Despite all the hype and excitement, the crypto space has unfortunately become synonymous with hacks, scams and thefts. Cryptoaware.org estimates that at least $2.3 billion USD has been lost to scams and hacks in crypto since 2011 (as of August 2018). The actual number is probably even higher due to the number of attacks that go unreported every year. So why is this the case, what scams should you be aware of and how can you stop them? Why are there so many crypto scams? To understand why scamming is so rampant in…