If you’ve been reading the news about cryptocurrencies lately you may have a fear of missing out (FOMO), before you take the leap and get some crypto, check out some of the things I have learned in the past four years.
Today it is really easy to get cryptocurrency, so you may not take the time to understand how to secure your crypto assets. The following guide will help you keep and store Bitcoin, Ethereum, Ethereum Classic, Litecoin, and many other tokens securely, not to mention hopefully set you on a path of securing your digital life.
NOTE: I am not a security expert, nor is this a definitive guide. Being security minded is better than not. Once you make it a habit and a routine, you can rest easier knowing that your digital assets are safer. Lastly if you find anything wrong in my guide or have other tools or tactics you use, please share them in the comments.
Rules to live by in the cryptocurrency world:
- Double check all account addresses before transferring any crypto currency. I cannot stress this enough.
- Own your own keys.
- Never keep too many tokens in an exchange.
- Use cold storage for your bigger amounts.
- Create random passwords for every site and system you use.
- Use some form of double authentication. Something is better than nothing.
If you don’t know a term or how something works, make sure to take the time and go deeper with the information, the more you understand, the safer you’ll be.
Use randomize passwords that are at LEAST 8 digits long, for every system you log into. If one of your accounts get compromised, hackers cannot gain access to others. You need to use an encrypted password database system. Making sure to utilize a long sentence with numbers and symbols as your master password for the db. You may also want to use a combination of double authentication and/or physical key, so you don’t kick yourself in the behind when that hacker runs off with your tokens and the news reports that those tokens hit an all time high of $10,000!
“KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish)”
I like the open source system provided by KeePass. Open source software is vetted by the community making it less likely to have security holes. They also have some great open source plugins that extend the functionality of the software. Keep in mind, some the plugins may reduce your security, but you can always have multiple secure KeePass DBs with different levels of security.
You MUST keep that KeePass database in a safe place. Here are a couple options.
You can use pretty much any thumb drive, but there are some hardened ones out there that have a physical pin system and can even erase all the data on the drive after too many failed attempts. http://www.kingston.com/us/usb/encrypted_security
Considering that your more frequently used passwords need to be accessible on your desktop, phone and other work areas you are going to want to keep that KeePass database in the cloud somewhere. Below are some options
“ownCloud is an open source, self-hosted file sync and share app platform. Access & sync your files, contacts, calendars & bookmarks across your devices.”
Great source cloud storage solution. This is a bit more advanced to setup, but it means you are not at the mercy of private companies.
Google Drive or other cloud storage systems.
While some may not think Google Drive is the safest place to keep your data, you can visit the Google account security settings and make sure you have all the advanced security options turned on. Did I mention double authentication? Yes. Use it. You can also use a hardware key with Google.
“A hot wallet refers to a Bitcoin wallet that is online and connected in some way to the Internet. It is a term that refers to bitcoins that are not being kept in cold storage.” https://en.bitcoin.it/wiki/Hot_wallet
The only multi-chain wallet that works on practically every platform. Chrome, Windows, Mac, Linux, iOS, Android, etc. They use the HD wallet protocol as well:
“The Hierarchical Deterministic (HD) key creation and transfer protocol (BIP32), which allows creating child keys from parent keys in a hierarchy. Wallets using the HD protocol are called HD wallets.”https://bitcoin.org/en/glossary/hd-protocol
Open-Source, client-side tool for easily & securely interacting with the Ethereum network. Great tool, great team behind this.
A cold storage wallet can be as simple as a paper wallet. You can make a Bitcoin one here https://bitcoinpaperwallet.com or an Ethereum one here: https://www.myetherwallet.com
Ledger Nano S: https://www.ledgerwallet.com/products/ledger-nano-s
“Ledger Nano S is a Bitcoin, Ethereum and Altcoins hardware wallet, based on robust safety features for storing cryptographic assets and securing digital payments. It connects to any computer (USB) and embeds a secure OLED display to double-check and confirm each transaction with a single tap on its side buttons.”
One of the most versatile hardware wallets on the market. Easy to use, ultra secure with a great interface. The device also supports FIDO® which is the Universal Second Factor authentication standard on Google, Dropbox, GitHub or Dashlane.
If you don’t have some sort of 2-factor authentication, you are basically opening the doors to get hacked. If any system you encounter allows for 2-factor authentication. Make sure to set it up, even if its the SMS style verification codes. Make note, if someone clones your phone or uses social engineering with your phone company to take control of your device that SMS 2-factor will be compromised. Its very easy to do. Make sure you call your mobile phone company and set a verbal password or pin on your account. Phone companies are not as stringent as you’d expect.
Google Authenticator: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en
“Google Authenticator generates 2-Step Verification codes on your phone. 2-Step Verification provides stronger security for your Google Account by requiring a second step of verification when you sign in. In addition to your password, you’ll also need a code generated by the Google Authenticator app on your phone.”
Someone recently got hacked on coinbase.com while using Authy, they however were not using all the security features. Authy provides some extra functionaly that Google Authenticator does not. Here is a thread on reddit discussing the hack and ways the user could have prevented it while using authy: https://www.reddit.com/r/Bitcoin/comments/6f0hhb/coinbase_recommendation_migrate_from_authy_to/
Side note: Many systems allow you to use your mobile phone number as a back up and for double authentication via txt message. Try not to use your actual mobile phone number. Use another SMS enabled number. An easy way to do this, is creating a separate google account and setup a google voice number on that account. That way even if a hacker gets access to your phone, they cannot get your two factor verification via SMS.
This is a physical key that you can plug into your computer or use with NFC on your phone. This combined with KeePass can make an ultra difficult static password or one-time password system. http://keepass.info/help/kb/yubikey.html
You don’t want to get Goxed so pick your exchanges wisely and never leave to much in any exchange. Remember you do not control the keys.
“The Safest, Fastest Asset Exchange on Earth Trade any leading blockchain asset for any other. Protection by Design. No Account Needed.”
You will need to get some crypto currencies somewhere else, but once you do and want to collect other, this is the place to do it. Another cool thing is that Shapeshift is integrated into the Jaxx wallet, so you can trade tokens very easily, right inside your Jaxx wallet.
A great team and a great system. You can exchange a number of different tokens, and they handle fiat currencies like USD and EUR. They have double authentication and can send notices to your email in PGP encryption. (if you want to get into PGP encryption, then you can consider yourself a real geek, like the rest of us)
The most funded and regulated of the US based exchanges. You can easily buy and sell tokens. They also have an integration with Shift card which allows you to use Bitcoin through a debit card.
Some parting words.
You will mess something up in this whole process. Start with small amounts, practice moving those coins around and create a security routine. Remember you are your own bank, there are no bailouts, there is no security guard at the entrance, you are the one with the keys to the vault.