Best Practices For Cryptocurrency Security When it Comes to Your Wallets and Accounts
Cryptocurrency wallets are generally very safe. However, it is up to you to use best practices such as storing your private key, seed phrase, pin, and/or password somewhere secure and using 2FA when applicable.
The same is generally true for other crypto accounts, although any third party platform where you don’t control your private keys directly (like an exchange) has risks.
In most cases losing a cryptocurrency like Bitcoin or Ethereum is 1. the result of a third party platform being hacked or going MIA, 2. a person losing their private key or seed phrase, or 3. a person sending to the wrong address.
You can avoid the above by using non-custodial services or insured custodial services, and by using best practices to copy / paste / store your private key, seed phrase, and/or password.
Below we walk you through some best practices of securing your crypto wallet and other accounts regardless of whether you are using custodial (you don’t control your private keys) or non-custodial (you do control your private keys) services.
How to Secure Your Crypto Wallets and Accounts – Basics
Copy and paste your public key, private key, seed phrase, pin, and/or password (don’t write these down by hand) and store them somewhere safe.
If you lose this information, you may lose your crypto. If you have this information, you will not lose your crypto unless the platform you are keeping your crypto on gets hacked.
Here are some additional tips:
- Don’t share this information or lose it.
- Create a backup of your information and store that in another location (in case you lose one device or lose access to that place).
- Bonus points for using a password program like LastPass, Google 2FA, and a secure password-protected offline device.
FACT: An account will rarely have all of a public key, private key, seed phrase, pin, and password. You only need to record the information relevant to each account.
How to Secure Your Crypto Wallets and Accounts – Advanced
Above we cover the gist: copy your public key, private key, seed phrase, pin, and/or password and store them somewhere safe. Here is the more advanced version of that:
- Get yourself a password program like LastPass and Google 2FA. These will help you secure your wallets and other crypto accounts.
- Consider getting one or more secure offline devices like the Trezor hardware wallet for cryptos and/or a secure encrypted USB drive you can protect with a password (like these secure USB drives).
- Always use “strong” passwords.
- Always use different passwords for each account (this is why a password program like LastPass is handy).
- Always generate new secure passwords offline.
- When possible, copy / paste / generate all seeds, pins, keys, passwords, etc. offline.
- Always use 2FA when you can. In general you can only do this for custodial services. 2FA is your best defense against your account being hacked. In general third parties insure against a hack on them, not on you!
- Use different email addresses for different accounts (that way compromising one doesn’t necessarily compromise the other).
- Don’t attach anything to your phone number unless you have to (this avoids being vulnerable to “SIM jacking”).
- Try backing up your 2FA on another device by recording the seed phrase with two devices when you set it up. If you lose your 2FA, you can contact support of a custodial service to recover your account.
- With non-custodial wallets you will have a private key and public key. Your public key is the address you share to receive crypto, your private key is like your password to that wallet. Always keep your private key somewhere secure. Ideally you’ll keep it offline, for example on an encrypted USB, but you can also keep it on a password program like LastPass (although this is arguably less secure).
- If someone gets access to your 2FA and passwords, you are in trouble. Once you have all the layers of protection, social engineering is more of a threat than traditional hacking.
- Custodial wallets won’t generally give you access to a private key or seed phrase.
- A seed phrase can be used to recover an account even if you forget a password.
- If you are using a custodial service and lose your password, you may be able to recover your account by contacting support.
- Some wallets can glitch with updates or when they haven’t been updated. If this happens, reinstall and re-enter your seed phrase.
- All software is created and maintained by someone(s). Sometimes software stops being supported. Choose your software / hardware carefully.
- It can be smart not to keep everything in one place.
- For most people a trusted third party platform like Square Coinbase is the best bet. Just lock your Coinbase down with 2FA, go into Coinbase Pro and put whitelisting on, and you are fairly SAFU.
- For those who don’t want custodial solutions, a smart move is the “core” wallet of your crypto. Generate your keys offline, stick them on that encrypted USB, make a copy, secure in a locked box, etc. Now you are only at the whim of the core devs of the coin (as any holder of the coin would be anyway).
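
The tip above about backing up 2FA on a second device works because authenticator codes are computed only from the seed and the current time. The sketch below is an added example, not code from this page or from any wallet or exchange. It implements standard TOTP (RFC 6238) and assumes the service uses the common HMAC-SHA1, 30-second, 6-digit settings; the names `totp`, `verify` and `SAMPLE_SEED` are hypothetical.

```python
import base64
import hashlib
import hmac
import struct


def totp(seed_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: the code depends only on seed and time."""
    # Seeds are displayed as base32; tolerate spaces, lowercase and missing padding.
    cleaned = seed_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    key = base64.b32decode(cleaned)
    # The moving factor is the number of whole time steps since the Unix epoch.
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte picks 4 bytes.
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify(seed_b32: str, submitted: str, unix_time: int,
           window: int = 1, step: int = 30) -> bool:
    """Service-side check; accepts adjacent time steps to absorb clock drift."""
    return any(
        hmac.compare_digest(totp(seed_b32, unix_time + i * step, step), submitted)
        for i in range(-window, window + 1)
    )


# Constructed sample seed (the published RFC 6238 test key), not a real secret.
SAMPLE_SEED = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    now = 1111111109  # fixed timestamp so the output is reproducible
    phone = totp(SAMPLE_SEED, now)
    backup_device = totp(SAMPLE_SEED.lower(), now)  # same seed, typed differently
    print("phone:", phone, "backup:", backup_device)
    print("accepted 20 s later:", verify(SAMPLE_SEED, backup_device, now + 20))
```

Both devices print the same code because nothing device-specific enters the calculation, which is also why a copied 2FA seed has to be stored as carefully as a private key.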