Take security in crypto seriously: Here’s a few best practices

Take security in crypto seriously: A few best practices

You can send crypto virtually anywhere in the world comparatively quickly, as well as store and manage crypto assets yourself. But that advantage over banks can become a weakness if you don’t take the proper steps to secure and protect your funds.

Cointelegraph previously covered several methods for digital asset protection, touching on wallet usage, setting up two-factor authentication (2FA), private key protection, wallet address confirmation, scams and transaction sizing.

These can be good general tips, although you can also take additional steps and measures, some of which are described below. Trader and podcaster Scott Melker, known as the Wolf of All Streets on Twitter, also wrote an in-depth blog post on additional security measures following a hack he suffered in 2020.  

Be careful about your 2FA! No, really!

When you set up 2FA on an account (email, crypto exchange, etc.), logging in will require a code from a separate source after you enter your password. Two-factor authentication comes in multiple forms. Text-based and app-based 2FA serve as two of the most common. Using text-based 2FA, however, leaves you more vulnerable to SIM swapping attacks. A SIM swap occurs when a hacker obtains access to your phone’s SIM card, via social engineering or otherwise, allowing them access to your text-based 2FA and other information. 

For added protection, instead of text-based 2FA you can use an app such as Google Authenticator, which provides an ever-changing code in its own app. For more information on setting up Google Authenticator, check out Google’s tutorial. (Another popular 2FA app is Authy, and different exchanges support different authentication methods.)

When setting up your authenticator app for each of your accounts, however, you may want to choose the option of connecting the 2FA by hand, inputting a string of characters instead of scanning a barcode. There is often a place where you can select manual entry. Writing that string of characters down by hand and storing it in a safe place can be a method of protection. This is the backup code if you lose your phone or need to reset your 2FA for that account. 

If someone gets access to this backup string of characters, however, they can steal your 2FA. 

Always double-check your writing to make sure you wrote it down correctly. 

Taking your 2FA up a notch from there, instead of running your authenticator app on your main phone, you can run it on a different mobile device that is unconnected to the internet. Google Authenticator can operate offline, although it occasionally needs to connect to the internet every so often to sync up. 

Some website accounts also allow for hardware 2FA devices. Hardware 2FA requires a physical device to unlock your account. Take a look at this article from WIRED for more on physical hardware 2FA. 

Protect your phone number, email addresses and accounts

Your phone number is important. It’s often linked to your identity and many of your accounts on various platforms. If a hacker knows your phone number and wants to attack your accounts, they can likely do so. Be cautious of who you give your phone number to, and where you list it.

You may have heard of SIM swapping, an attack vector that intercepts messages meant for you and diverts them to a hacker who ports your phone number. Since there are multiple phone carriers, your best defense here is to read this article on CNET and decide for yourself how best to protect your crypto.

Email address protection can also prove important. It’s not advisable to use a single email address for all of your communications and your important accounts. Decentralization is often touted as more secure in the crypto space. With centralization, hackers can hack one source and gain access to multiple accounts and data piles. 

Why not decentralize your email addresses by using multiple, from a more secure email service such as Protonmail, instead of other mainstream options. 

It is also important to protect all of your accounts, as a breach of one account may lead to a breach of connected platforms. You may want to silo your accounts where you can so they don’t lead to other breaches.

Additionally, on each of your accounts, use a strong and unique password including an array of different letters, numbers and special characters. NEVER reuse a password!

Security is vital in the crypto space. Sensible precautions will go a long way to helping you make the most of your crypto experience. A reminder, we recommend checking this article for more information.


Cointelegraph is a publisher of financial information, not an investment adviser. We do not provide personalized or individualized investment advice. As a condition of using Markets Pro you acknowledge and agree that no Content published or otherwise provided as part of any Service constitutes a personalized recommendation or advice regarding the suitability of, or advisability of investing in, purchasing or selling any particular investment, security, portfolio, commodity, transaction or investment strategy. Cryptocurrencies are volatile investments and carry significant risk. Consult your financial advisor before making financial decisions. Full terms and conditions.