Security Best Practices for Crypto Wallets

[Cordillerabit]

* Protect Your Private Keys: Your private key is the master key to your crypto. If someone gets access to it, they can steal your funds. Always keep your private keys secure. Hardware wallets like those from Ledger and Trezor store your private keys offline, making them immune to online hacks.

* Enable Two-Factor Authentication (2FA): Two-factor authentication adds an extra layer of security to your wallet. Even if someone gets your password, they won’t be able to access your account without a second verification step.
Use Strong, Unique Passwords: A strong password is your first line of defense. Make sure it’s long, unique, and includes a mix of characters.

* Avoid Reusing Passwords: Don’t use the same password across multiple sites. A breach in one place could compromise all your accounts. Use a password manager to keep track of your passwords and generate strong, unique ones.

* Beware of Phishing Scams: Phishing scams trick you into giving up your private information. Always be cautious:

* Double-Check URLs and Emails: Only enter your wallet information on trusted sites. Be wary of emails or messages asking for your private keys or other sensitive information.

* Keep Your Wallet Software Up-to-Date: Make sure your wallet software is always up-to-date to protect against the latest threats.

Source: coinbureau.com

[Charles-Tim]

Most crypto wallets do not have 2FA support.

Learning how to avoid malware is important. Also learning how to avoid scam is important. Anyone that wants to learn how to protect his coins should learn about these two.

Although, security best practices is about avoiding malware which is what hackers use to steal coins from people.

There are many things that you did not include.

If you have high amount of money in coins, go for a cold wallet.

[bayu7adi]

Although, security best practices is about avoiding malware which is what hackers use to steal coins from people.

Yes, this is the main point of hacking that often occurs, the device that is infiltrated by malware then sends data without the knowledge of the wallet owner, so that hacking occurs... avoiding malware on devices is difficult, because even antiviruses still miss some dangerous malware, this makes everyone have to be more careful when installing applications that are downloaded unofficially...

I also agree, that most of the hacks that occur are due to user negligence who do not pay attention that the threat of malware is very real...

[Findingnemo]

It is kind of misleading, are we talking about wallets or exchanges?

2FA is useless, if our wallet seeds or privkeys are exposed, so don't think that it can resist attacks especially the more advanced techniques are used by the scammers.

And Ledger is fucked up, don't use it anymore.

[TomPluz]

As one of the many victims of phishing attack, I know that feeling of losing something due to not being oriented on effective security measures one must fulfill to ensure security of one's digital assets. It is unfortunate that while we are enjoying many big opportunities in the cryptocurrency industry, there is that intertwined risks involved though there are things we can do to protect our own interest and possibly minimize possible damages that hackers and scammers can inflect on us. This goes to not just newbies in the industry but even to veterans like you and me.

[tabas]

There are still a lot of lazy people that don't activate their 2FA. They think that they're good already without having it, but please, if anyone hasn't activated their 2FA on their wallets and exchange accounts. Don't wait until something bad happens before you do it. As soon as possible, make a use of it and all you have to do is use apps like aegis for that and the others are using sms and email authenticators but the latter ones are less secured than a 2FA app.

[ABCbits]

Most crypto wallets do not have 2FA support.

And among wallet that have 2FA features, usually it refers to online wallet or custodial wallet/service which usually not recommended for storing big amount of coin. Although there's exception of Electrum where 2FA used to sign 2-oif-3 wallet.

It is kind of misleading, are we talking about wallets or exchanges?

I would go as far as saying those practices applies to online account in general.

[KryptoBell]

There are still a lot of lazy people that don't activate their 2FA. They think that they're good already without having it, but please, if anyone hasn't activated their 2FA on their wallets and exchange accounts. Don't wait until something bad happens before you do it. As soon as possible, make a use of it and all you have to do is use apps like aegis for that and the others are using sms and email authenticators but the latter ones are less secured than a 2FA app.

I like coming across posts like this because to be honest most newbies don’t know they can protect their wallets and exchange accounts using 2FA. Though some use it on their exchange accounts but not really with their wallets. We just have to keep reminding them.

[Lucius]

* Protect Your Private Keys: Your private key is the master key to your crypto. If someone gets access to it, they can steal your funds. Always keep your private keys secure. Hardware wallets like those from Ledger and Trezor store your private keys offline, making them immune to online hacks.

We will not say that our private keys are less secure when it comes to hardware wallets compared to mobile/desktop wallets, but due to all the scandals associated with Ledger in recent years, I would not recommend that device - especially if we consider that their firmware allows our private keys (seed) to be shared with third parties. Anyone who wants much greater security should seriously consider creating or purchasing an air-gapped wallet.


As for the other advice, I have nothing else to say except that people would have a lot fewer problems if they followed all of it. Unfortunately, as we can read various stories about hacked crypto users every day, it just shows that people are either too lazy or completely unaware of the dangers that threaten them online.

[SPOON_MOJO]

I know that not everyone uses a hardware wallet. I also used to rely just on hot wallets because it felt easier and more accessible but after hearing so many stories of hacks I’m seriously thinking about obtaining one. It’s not only about big money even tiny holdings deserve security

[Charles-Tim]

Most crypto wallets do not have 2FA support.

And among wallet that have 2FA features, usually it refers to online wallet or custodial wallet/service which usually not recommended for storing big amount of coin. Although there's exception of Electrum where 2FA used to sign 2-oif-3 wallet.

This is true, I have seen custodial exchanges which have 2FA just like those centralized exchanges. I do not like to refer to them while posting. I prefer just noncustodial wallets to make it look as custodial wallets are not existing.

Also Bloodstream Green has 2-of-2 and 2-of-3 2FA wallet. I prefer the 2-of-3. Generally I am not using 2FA wallet and they have addictional fee.

[Crwth]

I love how I learned it quite early on and didn't have some experience with hacks, and I don't want to experience that kind of thing. These are some of the practices that I really do. Thank you for sharing them as well.

[tabas]

There are still a lot of lazy people that don't activate their 2FA. They think that they're good already without having it, but please, if anyone hasn't activated their 2FA on their wallets and exchange accounts. Don't wait until something bad happens before you do it. As soon as possible, make a use of it and all you have to do is use apps like aegis for that and the others are using sms and email authenticators but the latter ones are less secured than a 2FA app.

I like coming across posts like this because to be honest most newbies don’t know they can protect their wallets and exchange accounts using 2FA. Though some use it on their exchange accounts but not really with their wallets. We just have to keep reminding them.

They will discover it later on if they continue to stick around using these wallets and exchanges. Me either, I was naïve and don't know how to do it until the news of hacks and other bad incidents happened to exchanges and wallets and that's when I started to look for some suggestions through research. And I think many newbies are also curious with their security and they have to do that for themselves because no one else will do it for them.

[Lucius]

I love how I learned it quite early on and didn't have some experience with hacks, and I don't want to experience that kind of thing.
~snip~

These are some basic things that everyone should know, regardless of whether they invest in cryptocurrencies or not. People still fall for cheap tricks that don't only involve crypto, but are common scams that involve fiat transactions. What is important to emphasize is that being safe online is not something you learn and apply your entire life and thus guarantee your safety - but that you need to learn your entire life to stay safe.

Hackers never stand still, always looking for new methods to trick us - and staying one step ahead is always a challenge.

[Tribalchief]

* Beware of Phishing Scams: Phishing scams trick you into giving up your private information. Always be cautious:

* Double-Check URLs and Emails: Only enter your wallet information on trusted sites. Be wary of emails or messages asking for your private keys or other sensitive information.

All these tips are quite basic but can literally save lots of people that take them seriously.  In the aspect phishing, I don't even advice that users should input information from their main storage device on any random website. Wallet softwares like meta mask is typically used in this case, especially when connecting with several online projects just for rewards. Phishing websites are very popular these days, as they form almost a replica of the original just to steal users information.  We just have to be cautious and keep to these basic but saving tips.