What are your security "non-negotiables"?

[PrivateKayla]

I read a ton of articles on how to be secure in crypto transactions when I started. The common recommendations are:
1. Don't use a public network while transacting.
2. Use strong, unique passwords. Don't use the same ones.
3. Use a (paid) VPN.
4. Invest in anti-malware, anti-virus, and anti-spyware.
5. If possible, use a dedicated device for crypto alone.
6. Use a secure browser.
7. Never click on unknown and unsolicited links.
8. Enable 2FA in your accounts.
9. Always check URLs.
10. Spread out your funds.

These are also my non-negotiables and habits. What are your non-negotiables for secure transactions? You may have some uncommon ones that can be helpful to everyone.

[joniboini]

What kind of networks are you referring to by "public networks"? Something like a public hotspot? I agree that using public wi-fi is not recommended, simply because you don't know whether the network is secured properly or not. Even if you don't use your device to manage your crypto it's still a bad idea to use public wi-fi, especially if it's an open network. CMIIW.

As for VPN, I think it depends on your needs. You don't necessarily need a VPN to send your transactions. There are alternatives like DNS encryption if you care about accessing blocked websites.

I also don't think you need to buy three separate software to protect yourself from malware, just be careful with phishing attacks, verify downloaded files properly, and use Windows Defender or Malwabreytes if you want to scan your files. Some antivirus software slows down our computer while offering little to no improvement compared to Windows Defender if you use Windows. At the end of the day, your awareness is the most important to avoid viruses/malware. CMIIW.

[TomPluz]

I agree with most of your recommendations and there is really a need now to spread more information related to security so we can avoid being hacked or scammed as we invested money, time and effort for our coins and tokens and we are looking to the time when they can provide us financial freedom and NOT to lose them to scammers who are just lurking in the dark corners of the online world. Now, in addition to what you listed here, another thing is to never use CEX/DEX exchanges as a wallet as they should be use for what they are good and that is exchanging. Plus, one should be using non-custodial wallet as this can be another layer of security we can take advantage of. Above all, never trust anyone online and one must look for good reviews before using anything whether they can be apps, exchanges or any other crypto-related platforms.

[bitterguy28]

These are also my non-negotiables and habits. What are your non-negotiables for secure transactions? You may have some uncommon ones that can be helpful to everyone.

i think a lot of people already knows this but for those who are still not practicing this i recommend storing your seed phrase somewhere offline do not just take a screenshot and keep it on your device the moment your device gets compromised there is a big chance your wallet will be easily accessed

make sure to also update your devices into the latest software just to ensure that any security measures are up to date and another thing i tend to be more careful now is connecting to public internet so much of our data can be accessed from public wifis so as much as possible avoid connecting to them

[ABCbits]

Aside from common security practice, i would never share wallet private key/recovery words with multiple persons just to save some TX fee. I've seen some people claim they do such thing when they got caught operating multiple account.

4. Invest in anti-malware, anti-virus, and anti-spyware.

Those 3 usually refer to same thing. But FYI, some of those actually is spyware where they collect and sell your data. Here's an example, https://www.tomsguide.com/news/avast-avg-data-collection

[Jating]

Use Open source wallets like Electrum and verify it first before installing. Buy a hardware wallet if you are going to store a lot of Bitcoins or crypto in general for a long time.

Don't trust, but verify. Back up your keys and mnemonic phrase is different places and do not save in online. If you are going to used your mobile phone as crypto wallet, don't put large amount, as our mobile phone are always online.

I think for now, that's what the best known methods or practices that I think of.

[Lucius]

I read a ton of articles on how to be secure in crypto transactions when I started. The common recommendations are:
1. Don't use a public network while transacting.

Even better, never use them because there is a big risk that you will connect to a hotspot that is actually under the control of a hacker who can then steal all your login information.

https://en.wikipedia.org/wiki/Man-in-the-middle_attack

2. Use strong, unique passwords. Don't use the same ones.

For each service you use, you should have a unique e-mail with a unique password, and of course a strong and unique password on that same service. This data should never be stored online or as plain (unprotected text) on any device.

3. Use a (paid) VPN.

I'm not saying that it won't be helpful, but what if most VPNs are actually just a cover for those who just want to spy on us that way? Regardless of whether it's true or not, the fact is that those behind VPNs probably keep a lot more of our data than they admit.

https://www.altcoinstalks.com/index.php?topic=324120.msg1626176#msg1626176

4. Invest in anti-malware, anti-virus, and anti-spyware.

Perhaps a good security suite would be the right solution - one that has good AV, anti-malware and of course a firewall. A lot of different security solutions from different manufacturers can sometimes be counterproductive.

5. If possible, use a dedicated device for crypto alone.

It makes sense, in fact it is recommended, but not everyone can afford two computers.

6. Use a secure browser.

What is a secure browser? I assume that maybe you mean one that is open source, and one that is not too destructive to privacy like Chrome.

7. Never click on unknown and unsolicited links.

Never, even if you get an e-mail from some super famous person who sent you a bunch of money and just wants you to click on a link to get that money

8. Enable 2FA in your accounts.

Good additional protection, but 2FA is not bulletproof - whether it's authentication via e-mail or SMS, so it's better to use other methods like authenticator apps.

9. Always check URLs.

Related to that "don't click on suspicious links", and of course in cases where it is about very important (sensitive) links, each one should be checked in detail before entering your login information.

10. Spread out your funds.

This is smart, especially in the event that we are physically attacked and the attacker requests that we give him access to the wallet - a good wallet like some hardware wallets will always have the option of having more hidden wallets that can remain hidden in such situations.

These are also my non-negotiables and habits. What are your non-negotiables for secure transactions? You may have some uncommon ones that can be helpful to everyone.

Always check if the address to which we send/receive matches the one that is part of our wallet - in other words, beware of clipboard malware. Also, a BTC transaction must have at least 1 confirmation on the blockchain (preferably 2 confirmations) to be considered complete (irreversible). I mention this because of a possible double-spend attack, namely the same coins can be spent again if the previous transaction has not been confirmed.

+1

[Themepen]

Use Open source wallets like Electrum and verify it first before installing. Buy a hardware wallet if you are going to store a lot of Bitcoins or crypto in general for a long time.

Don't trust, but verify. Back up your keys and mnemonic phrase is different places and do not save in online. If you are going to used your mobile phone as crypto wallet, don't put large amount, as our mobile phone are always online.

I think for now, that's what the best known methods or practices that I think of.

I totally agree with this advice.
Using open source wallets like Electrum is safe because many people check code. Checking software before installing makes it even safer. For storing a lot of cryptocurrency use hardware wallet. It keeps your money offline protected from hackers. Always double check transactions. Do not trust anyone verify everything.

Save backup phrase in multiple safe places like USB drives or paper. This way we will not lose our money if something goes wrong. Using our phone as crypto wallet is convenient but risky especially for large amounts. Phones are vulnerable to online attacks.

To stay safe:
 Use strong passwords and two factor authentication (OP added)
 Keep software up to date
 Regularly check accounts
 Avoid suspicious links and emails (OP added)
 Consider multisignature wallets

Following these tips will help keep our cryptocurrency safe.

[Gurujebs]

I read a ton of articles on how to be secure in crypto transactions when I started. The common recommendations are:
1. Don't use a public network while transacting.
2. Use strong, unique passwords. Don't use the same ones.
3. Use a (paid) VPN.
4. Invest in anti-malware, anti-virus, and anti-spyware.
5. If possible, use a dedicated device for crypto alone.
6. Use a secure browser.
7. Never click on unknown and unsolicited links.
8. Enable 2FA in your accounts.
9. Always check URLs.
10. Spread out your funds.

These are also my non-negotiables and habits. What are your non-negotiables for secure transactions? You may have some uncommon ones that can be helpful to everyone.

This particular one is underrated but my advice is never login your wallet details into another person's phone. Don't import your seed phrase into another persons phone and never even dare try it with your private keys because I have seen a situation where friends became enemies, one import a wallet on the other and later deleted the wallet not knowing the friend screen recorded everything and later has access to the phone.

In addition, avoid browsers that don't allow adblock. There are instances where some browser that are not strong auto download things that may cause your device to install malware you are not aware. Be careful and be vigilant.

[Sim_card]

Be careful when sending funds and make sure that you cross check the address over and over again to avoid you swnding it to the scammer walket address due clipboard malware. Wil I say that don't copy and paste tge address that you are sending funds to but scan the QR code. You should not use your wallet to scan any QR code from random sites. Don't keep your coins in an exchange or with a third party.

[|MINER|]

You have brought up some important points that all of us who are connected online need to have because nowadays it is seen that people are losing their digital assets due to not taking proper security. In each case it is better to keep your personal data hidden as much as possible and of course to discuss investments less publicly and not to share investment amount and wallet address publicly.  Because many times it is seen that due to sharing such data with others or presenting it publicly, hackers get an opportunity to phish us.
Anyway to your points I would like to add another thing that encryption technology should be used to store the data so that no one can take the encrypted data x x.

[joniboini]

Anyway to your points I would like to add another thing that encryption technology should be used to store the data so that no one can take the encrypted data x x.

Are you referring to something like BitLocker? As far as I can tell, people can steal encrypted data but will need more time and effort to decrypt it. We need other ways to protect our devices to avoid that. I believe there are several ways to reduce the time required by doing additional attacks such as social engineering to trick users into inputting their password for the decryption process, planting a keylogger on a computer, and so on. If I remember correctly, some crypto wallet stealers use keyloggers to steal our funds so encryption won't help much. CMIIW.

That doesn't mean you should stop using passwords to secure your wallet though, that would be stupid.

[libert19]

My security non-negotiable is to never share sensitive details with anybody, whether it's pertaining to bank accounts (OTPs, Passwords, document details)) or crypto stuff (private key, seed phrase).

I have been phished before and I only realized it was phishing attempt when I realized page was asking for private key/seed, and this rule of not sharing sensitive details with anybody saved me.

[hugeblack]

They seem like AI-written recommendations, some are good advice and some are about privacy enhancement rather than account security but they are general and not about cryptocurrencies as the most important rule is to use a well-reviewed open source wallet that can be trusted.

[Lucius]

They seem like AI-written recommendations, some are good advice and some are about privacy enhancement rather than account security but they are general and not about cryptocurrencies as the most important rule is to use a well-reviewed open source wallet that can be trusted.

I checked with several AI detectors that are considered reliable and they all give the result that it is a text written by a human. On the other hand, if the majority of those who invest in cryptocurrencies followed all these tips, hackers would give up very quickly because they would succeed in very few attempts to steal something from someone.