Whether you’re new to Bitcoin and Ethereum or you’ve been trading digital currency for a while now, there’s a lot you need to consider when it comes to security. Just because it’s decentralized, doesn’t mean digital currencies are any more secure than traditional, real-world money.

22 Cryptocurrency Security Tips

  1. Get a hardware wallet
  2. Keep your private keys close.
  3. Use two-factor authentication.
  4. But don’t use SMS two-factor authentication.
  5. Choose difficult passwords.
  6. Use a password manager.
  7. Audit your security from time to time.
  8. Be on guard. All the time.
  9. Maintain your privacy.
  10. Purge old or unused exchange accounts.
  11. Move any crypto you’re not trading out of hot wallets.
  12. Use cold storage as a longterm solution.
  13. Enable loved ones and family members to access your accounts in the event of an emergency.
  14. Keep passwords and recovery sentences in a fire-proof safe.
  15. Write down recovery sentences and verify them.
  16. NEVER input a recovery sentence online.
  17. Choose a unique PIN.
  18. Use a fresh address for each cryptocurrency transaction.
  19. Beware of potential phishing sites.
  20. Keep your device safe.
  21. Avoid public WiFi.
  22. Educate your friends and family on cryptocurrency and cybersecurity.

1. Get a Hardware Wallet for your Cryptoassets

Crypto hardware wallets are by far the safest way to store your digital assets. A hardware wallet is a physical device that stores your user’s private keys inside of an impenetrable circuit and allows you to sign transactions with a single click.

Not sure where to start? Try KeepKey.

2. Keep Your Private Keys Close

Never store your private keys online or share them with others. Once your private keys have been shared, you’re an instant target for hackers.

3. Use Two-Factor Authentication on Everything

Layer on an extra level of security by using two-factor authentication (2FA). Two Factor authentication is when you need two different methods — usually two different devices — to access your accounts.

With greater security in place, hackers will move on to easier targets. When you enable 2FA for any site, it is extremely important that you keep a copy of the seed (secret code) that you use to enable 2FA in a secure place.

Not sure where to start? Try Google Authenticator, a 2FA app that runs on both iOS and Android. Prefer to have a completely separate state-of-the-art device? Then Yubikey is for you.

4. Say “No Way” to SMS Two-Factor Authentication

Whatever you do, do not incorporate SMS 2 Factor Authentication (2FA) into anything you do. Anyone using SMS 2FA is a ticking time bomb to get hacked.

5. Use Difficult Passwords

When creating a wallet or cryptocurrency exchange account, you always need to use an extremely secure password. Try to combine upper and lowercase letters, numbers and symbols whenever possible.

Not sure where to start? Try Passwords Generator.

6. Use a Password Manager

Store all of your passwords in a password manager (an encrypted database that is protected by a single password). This way, you can have a unique password for everything you do online and only have to remember one password.

Not sure where to start? Try 1password.

7. Audit

When’s the last time you did an audit of all of your crypto accounts, cryptocurrency wallets, logins, and services? If you can’t remember — it’s time!

A thorough audit allows you to visualize the sheer number of services that you use and the different accounts that you own. And the more you use, the more steps you’ll need to take in order to cleanse — and secure — your crypto.

8. Be Suspicious

Like we always say in crypto, don’t trust; verify. After your audit is complete, use it as a guide to determine if your tools are still reliable.

Begin by assessing the following:

  • Brand Reputation
  • Transparency
  • Methodology
  • Rates
  • Benefits
  • Support
  • Overall user experience

9. Be Sneaky

Create an alias email for your online crypto dealings: accounts, newsletters, communities, support tickets.

Your email alias acts as a “fronts” to your primary email. Using an alias decreases your chance of being targeted for email phishing attacks to your business or personal inboxes. No crypto info should go to your primary email.

10. Purge

Close any old exchange accounts, empty your unused cryptocurrency wallets, and get rid of any crypto tools that you no longer need — or use. Don’t forget to delete all unloved crypto apps from your phone, tablet, and computer.

11. Drop it (if it’s Hot)

Move any crypto that you are not actively trading out of exchange-based hot wallets and into more secure wallets like software, desktop or mobile wallets. These types of (hot) wallets are still vulnerable but can be a more secure option. Exchange hacks are real; better to be safe than sorry.

12. Stay Chill with Cold Storage

Are you HODLing large amounts of crypto for the long-term? If so, it’s time to move any funds off of any hot wallets and into cold storage. With your private keys stored safely offline, you’ll rest easy with a hardware wallet.

13. Rest in Peace

Just like any other investment, you’ll want your loved ones to have access to your crypto after you’re gone. Include access to your recovery seed in your will. You want to feel as secure as possible, but don’t forget to plan for any eventuality. You can read online about multiple cases of people who died and did not leave their passphrase or recovery seed accessible to their families.

Don’t know where to begin? Read crypto legal expert Pamela Morgan’s Medium Blog: Pamela Morgan.

14. Get Fired Up

While you can’t stop a natural disaster from coming, you can protect your funds against one. Print all of your 2FA backup codes, password manager emergency kits, and hardware wallet recovery sentences. Then, place these items (along with paper wallets and other crypto planning documents) into a safe and fireproof place.

You can keep your recovery seed safe from physical damage by engraving it on a steel plate. Engraving tools are fairly inexpensive and are especially worth the investment if you have more than one recovery seed to protect.

Not sure where to start? Try a Steely Backup Kit.

15. Write Your Recovery Sentence Down & Verify

Make sure all words are spelled correctly and are in the correct order. Then triple-check and test it with a small number of funds.

16. Never Input Your Recovery Sentence Online

This includes:

  • On your phone
  • On your computer
  • Taking a photo or screenshot
  • In an email
  • Cloud services, including Google Drive/Dropbox/Evernote

17. Choose a Unique PIN

We recommend a pin that’s 6–9 digits. This should be obvious, but please don’t use important dates that are easy to guess — such as your birthday, or “1–2–3–4.”

18. Generate a New Address for Every Transaction

With the exception of Ethereum, every blockchain allows for this. This practice keeps you more secure because it keeps you more anonymous.

19. Be Watchful of Potential Phishing Sites

A very common scam technique used by hackers is creating a fake, identical version of the exchange or web wallet page they use and emailing the link to the victim, usually with a convincing message that convinces them to log in and take some action instantly. A lot of people access these sites, enter their data and the hackers take that data and do what they want.

To avoid phishing, always check if the link showing in your browser perfectly matches the one of your exchange or web wallet.

20. Keep Your Device Safe

Make sure you have updated antivirus and firewall enabled. Don’t install any software you’re not entirely sure about the safety. And of course, never download any suspicious attachments and make sure to research about the reputation of software you’re about to install.

21. Keep your Holdings Private

It’s crucial that you never tell anyone how much virtual currency you hold. This is especially true when talking with strangers at blockchain tech conferences, cryptocurrency meetups, and social media.

22. Avoid Public WiFi

Wifi hosts can direct your browser to any page, which can be, sometimes, a mimic version of your exchange or wallet. They can also collect data transmitted through the network which, in case, includes the password you typed. If you need to access your wallet from a public WiFi, use a VPN.

23. Educate your Friends and Family about Crypto

Knowledge is power! The more everyone knows about crypto security, the faster we will move toward mass adoption.

Have a security tip to share? Comment below.