https://bitcoinexchangeguide.com/cryptocurrency-security-guide/
Now that cryptocurrency is becoming more popular and many people are piling on with the intention of riding the wave, there’s increasing need for security measures designed to help keep your wallets and investment portfolios safe.
This is become very important in the wake of targeted attacks at specific cryptocurrency wallets and holders. Think of it as something akin to the wild wild west. The good news is that most cryptocurrency platforms and networks have in-built security measures, which does help.
But the onus also lies on investors to keep their crypto investments safe and secure. People are often the weakest link in crypto security. It doesn’t take much to hack a crypto investor’s wallet and move their assets if they are already careless.
The reality is that once you leave your wallet open and vulnerable, you’re essentially inviting “crypto thieves” to come take what you have. And once they have access, chances are you may never recover your lost funds anymore.
Your money will be gone, and your wallets emptied. So, follow these steps to stay safe and secure your cryptocurrency investments.
Secure Your PC
Use only PC’s with up to date antivirus and firewalls for your cryptocurrency transactions. Never assume your computer’s security is up to date. It only takes just one security vulnerability to have your computer hacked.
You might also want to consider installing a very secure operating system such as Qubes, Unix or Linux. These are about the most secure operating systems on the planet. They are often less prone to hack attacks and have configurations that makes them less vulnerable.
Qubes is well known for its privacy and security. There’s almost never hack attacks targeting computers running the Qubes operating system. However, if you insist on using a windows based PC or a mac always check for malwares and update your malware detector software.
Consider A Dedicated PC Or Mobile Device And A Secure Network
Another idea you might want to consider is having a device that’s solely dedicated to cryptocurrency activities. This means just one PC or mobile device used for only buying and selling cryptos.
This drastically lowers your odds of vulnerability. Devices that are used for surfing, work and pleasure activities are more likely to become infected with everything from viruses to ransomware.
For instance, hackers are becoming smart at stealthily dropping keyloggers –apps that track the keys you type as well as the sites you visit- on to your device.
So, when you type in your password, these keyloggers send the information back to the hacker who then uses it to get into your account and transfer your assets.
If you can’t set up a dedicated device for it, consider partitioning or virtualizing your computer. This simply means creating a separate platform on your computer that you will use for just your crypto activities. Check out VMware and Virtualbox for these.
Also important is your access to the internet. NEVER LOGIN TO YOUR CRYPTOCURRENCY ACCOUNT USING A PUBLIC WI-FI. Read that three times and let that sink in for a moment.
Not only is it easy for people to snoop on and interrupt data packets sent on public Wi-Fi connections, they can actually setup a Wi-Fi router and collect all the information that passes through their routers.
So, when next you’re in Starbucks and want to do a transaction, resist the urge of using the free Wi-Fi. It can cost you a ton of money. Use your internet data plan, and encrypt your Wi-Fi/bluetooth, if you’re in the habit of leaving them on.
Stop Being Lazy With Your Passwords
There’s an episode on the big bang theory where Howard breaks into a NASA lab worth millions of dollars because they used a $10 padlock to secure it. Many people are like this.
They invest thousands of dollars in cryptocurrency and secure them with lazy passwords that any half smart individual can guess. Don’t do this. Be smarter. You wouldn’t be lazy with your bank account’s security, would you?
So, use extra strong passwords with a minimum of fifteen characters, including upper and lower cases, numbers, alphabets and other characters.
Also, avoid using names, words that can be found in the dictionary or anywhere for that matter, as there are hacking tools with these dictionaries embedded in them. Bottom line, make your password indecipherable by making it as incomprehensible as possible. The best passwords often look like gibberish.
You should follow that logic. If you’re worried about forgetting the password, back it up in many places, write it down on a piece of paper and keep it safely stored away, use a locally installed password manager or any of the secure password managers available. Don’t use password managers on web browsers, those can be somewhat vulnerable.
And setup a two-factor authentication (2FA) system. This essentially means double layer protection on top of your passwords. So, if someone for instance, were to hack your account and wants to change your password, you would be notified via email, text messages and even an automated call.
Better still, set up your security so that the login is always from a couple of recognized devices. This way, if anyone tries to access your account from another device, it automatically shuts them out, freezes/secures your account, emails or texts you about a possible intrusion and requests verification based on the “rules” you set up.
This may sound like overkill, but when you’ve got 80 BTC in your wallet, you need to be extra cautious. Some good two factor authentication apps/service are FreeOTP and Google Authenticator. Example of a good 2FA hardware is Fido UTF.
Encrypt Your Data
Data encryption is also a great way to keep your crypto wallets safe and secure. You can easily set this up on a linux based system –see why we recommended linux in the first place?- without any hassles.
Simply use Cryptsetup or LUKS encryption apps to set this up. If you insist on using a windows based PC, you can use VeraCrypt. People using mac can use FileCrypt. These software will help keep your hard drives encrypted and impossible to hack in the event of a stolen device.
For instance, a crypto investor was recently ambushed and forced to transfer nearly $2million USD in cryptocurrencies to the criminals’ accounts. Unfortunately, because there’s no regulatory body, the victim couldn’t recover his money.
So, do yourself a favor, encrypt those drives –see where the dedicated device thing comes into play now?- and protect your information. If you want to be super safe, use double layer encryption protocols like the AES-Twofish, Serpent-AES, or Twofish-Serpent.
OR triple layer encryption protocols such as AES-Twofish-Serpent or Serpent-Twofish-AES. These provide multiple encryption layers that make cracking your device or data impossible.
Backup Your Data
Listen, your data is precious. Don’t ever make the mistake of not backing up your data. You can always buy a new PC or device. But, your data? That may be difficult to impossible to retrieve.
Life happens, disks crash, devices go up in flames, accidents happen, natural disasters occur… and a ton more unexpected incidents. Having your core data backed up offsite and locally can do wonders for you.
All it takes is restoring the backups and you’re up and running in no time. Back up your crypto information or wallet on a thumb drive, colocation server, encryption based file servers like mega or external hard disks.
Be Careful About Mobile Authentication
Okay, it’s easy to choose mobile authentication because you’re always with your mobile device.
The problem with that is hackers and cyber criminals are consistently inventing new ways to bypass or even hijack your phone number so they receive your password recovery instructions.
All they have to do is port your line and they’ll have all your details. So, do the smart thing and instruct your cellphone carrier to never port your line and deactivate call forwarding.
If you have to sign up for services and don’t want to use your number, there are multiple options such as skype numbers, pinger, and google voice.
Setup Core And Multicoin Wallets
If your cryptocurrency investment strategy involves buying and holding, you should first go with a core wallet. This is great for cold storage –another term for buying and holding cryptocurrencies- and keeping your cryptocurrencies for a long time.
These are usually designed to run at any time, no matter how long ago you stored the crypto. Multicoin wallets on the other hand, are great for daily crypto expenses, trades and usage.
They don’t require as much data as the core wallet, and they make it easy to exchange cryptos as quickly as possible.
Whatever the case, never hold cryptocurrencies in exchanges if you aren’t actively trading. If you do this, your wallet is at risk of being hacked whenever hackers target specific exchange networks.
If you clear out your wallet, it just means that even if they access your account, they won’t find anything. Think of it as moving your money from paypal or stripe to your local bank account.
Goodbye To Mobile Wallets
Which brings us to the next security tip: never ever carry around too much cryptocurrency in your mobile wallet. Listen, mobile wallets are great for daily usage and carrying around some spending money.
But they can be dangerous too if you ever get ambushed and are forced to relinquish whatever is in your wallet. Worse still, your phone could get stolen and you lose access to all that “cash”.
So, do the smart thing and leave only a couple of fifties in the mobile wallet. Don’t be a cautionary tale. Be smart about your cryptocurrencies. You know how you’d never walk around with over $200 in cash? Well, do the same with your cryptocurrencies.
Pay Attention To Your Browsers
Hackers have written malicious codes designed to modify javascripts, thus aiding phishing and information intercept. Since most browsers have extensions running on these scripts, it means that they are extremely vulnerable to these attacks.
So, if you’ll be doing some cryptocurrency exchange, install an extension called HTTP Everywhere or something similar. These extensions are designed to block or identify all non-secure websites and prevent unverified javascripts from running on your browser.
Also, consider using virtual private networks (VPNs) that are designed to secure, encrypt and anonymize your online activities. Also, install ad blockers to prevent ads from running on your browsers. This is particularly important, given that ads can now track your online activities, further making your connections vulnerable.
Use Third Party Crypto Security Entities
Companies like Trezor, NanoLedger and LedgerHQ are pioneering the safe keeping of wallets and encryption keys.
If you don’t want to worry about the safety of these or you misplacing them, simply have these companies take care of them for you by getting their hardware wallets and storing all your data on there.
These typically provide multilayer security and decoy wallets, thus ensuring your cryptocurrencies stay safe and secure at all times. However, that also begs the important question of trust: can one trust third parties to secure one’s investments?
Well, the questions is ultimately a personal one. Look them up, see what people are saying about them and then decide if they are worth the risk.
Stay Safe Online
This might sound redundant, but please avoid clicking links from unknown entities, only visit/enter sensitive information on secure https based websites, avoid surfing malicious websites and don’t download or execute any file whose source you’re not sure of.
Use messaging apps with end to end encryption, and remove flash players –these tend to be high risk apps. Oh, and make sure to upgrade your antivirus to the pro versions.
Yes, the free versions work just fine, but they are often helpless against the onslaught of snoopers who have developed sneakier tech that can easily bypass the weak security of free antiviruses.
Pro versions however, tend to be more bulletproof and secure, thus reducing the chances of your PC being hacked and your desktop based wallets being cleared out.
At the end of the day, your private keys are the only thing preventing you from being “raped” by the hacker criminals out there. Without those keys, the money you think you have, isn’t really yours. Yep, let that sink for a moment. So, secure your keys and take sovereign control of your money.