Below are some points that everyone should consider when using crypto, and a lot of it applies to general internet security as well. If you get value, please SHARE to help others as well.
You should have an up-to-date antivirus on your computer. I personally use Kaspersky but there are lots of good ones out there, both free and paid. I like how Kaspersky integrates into my browser, and when I go to certain sites like banking it opens up in a secure browser to block any tracking. Another reason I like them is they come with a password manager feature, which I talk about further down.
Use unique passwords on every site. Yes, this is a complete pain, but that is why you use a password manager to remember them all so you only have to remember the master password. Example below of what I get from using Kaspersky password manager, but there are lots of others out there, including some open source options too.
A common mistake, and one I used to make, was letting Google remember my passwords. The problem is that if someone gets access to your Google account they then have access to everything, including all your banking sites, as so many of these use email to confirm it is you trying to log in.
Don’t use the same email for everything as this can be dangerous if one system is hacked. Definitely don’t use the same password you use for your emails on anything else.
I mainly use ProtonMail, which gives you secure and encrypted emails with no big brother (Gmail) looking over your shoulder, and with a paid account you can have multiple emails under the one login.
For me, I have my main ProtonMail account set up and I never use that email anywhere; it is just for accessing my ProtonMail account, and then within that I create multiple emails that I use on different exchanges or when creating online accounts.
Why multiple emails under the one login? If an exchange or website I use is hacked and they get the list of user emails, it's no good to them apart from spamming me, as that email account has no way to log in to my main ProtonMail account. If that was the email I use to log into my emails, they could try methods like brute force attacks to try and guess passwords. Also, if they try and log into other major exchanges it means nothing, as I have different emails on all major exchanges.
Secure your emails
Whichever provider you use, add 2FA on your emails for login. Remove extra verifications that are not needed, as your security is only as strong as your weakest access point. SMS backups are an issue here, again because of SIM swapping.
VPN (Virtual Private Networks)
A VPN is another layer of security between you and hackers as it masks your location. When you connect to a VPN you choose the country that you want it to appear you are joining from, and then all your traffic is routed through there, so if anyone tracks your IP it shows up as that country and not your own.
Some people also use these for watching Netflix from other countries, as different shows are available in different countries. Others use these to sign up for exchanges when they don't want the exchange to know what country they are really in.
There are lots of good ones out there and 2 of the most popular that I like are:
Bookmark Official Sites
When you are on the official exchange websites, email providers and wallet sites, bookmark them so you don’t have to type in the address every time and potentially mistype it and end up on a phishing site. I have links to the official Cardano wallets further down.
2FA (Two Factor Authentication)
2FA is an extra layer of security that means when you try to login you are asked for a pin code after you get past the username and password section. There are different options you can use here which are outlined below in order of worst to best in my opinion:
1 – SMS:
This is where they send you a text with a code you need to put in to log in. Sounds good on the surface, but there have been too many cases now of SIM swapping, where scammers contact your phone carrier and get a copy of your SIM card sent to them so they can then get by these barriers.
2 – Email:
This is where the site you are logging into sends you an email to confirm your login. The security of this method depends on your own email security, which I go through further down.
3 – 2FA App:
You can use apps like Google Authenticator which is an app that you install on your phone and link to your online accounts. Then every time you try to login you are asked for a code that is generated on your app. The code is random and changes every 30 seconds.
Example below of setting it up:
4 – Yubikey:
This is a hardware device that you must have physical access to in order to log in, either by having it plugged into your device or by using NFC. This is the one that I am in the process of moving everything over to. When you try to log in you have to enter the PIN you set for the device and then you have to press a button on the device to confirm the interaction.
Above are some of the Yubikey options you can get. I personally got 2 Yubikey 5 NFC so I can have one as a backup and I liked that it had NFC so I can also use it with my phone. You can check out the details of all the different options on their site and they have a guide to help you pick the right one for you – yubico.com
Don’t add unnecessary add-ons to your browser. Ad blocker add-ons are fine, or even just use the Brave browser, which has a lot of ad blocking and tracker blocking features built in.
Holding Your Crypto Securely
When it comes to holding your crypto there are lots of different options, and I go through all of them for Cardano in the video below.
The summary of the video above is that I personally use a hardware wallet and access my ADA through Daedalus and Yoroi.
The reason I don’t leave my ADA on an exchange is that when you do, you basically have an IOU from the exchange saying they owe you x amount of coins. If something happens to the exchange you could lose it all, or a big part of it if the exchange doesn’t have enough funds to cover the hack.
The 2 main hardware wallets for ADA right now are Trezor and Ledger. With Trezor you need a Model T, which I don’t have, so all my videos on hardware wallets are using a Ledger Nano S or X, but Trezor is a very good option too.
For people who heard about Ledger's hack: that was their customers' personal details and not any details like your seed phrase, so your crypto is still 100% safe as long as you keep your seed phrase safe. It's still shit that they let their customers' details get hacked on their ecommerce platform. I still personally use Ledger as I like their interface and wallet, but for some that is enough reason for them not to use Ledger, which I fully understand.
When you want to download a wallet for any crypto, make sure you go to the official site to download. I have included the links for the official sites below, but with other cryptos, if you search on Google make sure you ignore the listings at the very top that are ads, as there is potential for scammers to get in there at times.
Daedalus – https://daedaluswallet.io/en/download/
Yoroi – https://yoroi-wallet.com/
ADAlite – https://adalite.io/
I have included ADAlite above as I get lots of questions about them. They have built a very good wallet and it is a good option with a hardware wallet, but if you are putting in your seed phrase every time I prefer Yoroi for that, as you only need to put it in once and you're not risking putting it into the wrong site.
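A way to automate the "is this really the official site?" check for a link before you click it, as an added example that is not from the original post. It treats only the three wallet hosts listed above as official and flags near-miss spellings and buried names; the function names, the edit-distance threshold of 2 and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Official wallet hosts, taken from the links listed in this post.
OFFICIAL = ("daedaluswallet.io", "yoroi-wallet.com", "adalite.io")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: how many single-character typos separate a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str) -> str:
    """Return 'official', 'suspicious' or 'unknown' for a link."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops "user@" and ":port", so text before an "@"
        # cannot pose as the host.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "unknown"
    labels = host.split(".")
    on_official = any(host == o or host.endswith("." + o) for o in OFFICIAL)
    if on_official and parts.scheme == "https":
        return "official"
    # Simplification: treat the last two labels as the registered domain.
    registered = ".".join(labels[-2:])
    if (any(o in host for o in OFFICIAL)               # name buried in another host, or no HTTPS
            or any(l.startswith("xn--") for l in labels)   # punycode label, possible homoglyphs
            or any(edit_distance(registered, o) <= 2 for o in OFFICIAL)):  # near-miss typo
        return "suspicious"
    return "unknown"

# Constructed sample links; the non-official hosts are made up for illustration.
SAMPLES = (
    "https://daedaluswallet.io/en/download/",
    "https://yoroi-walet.com/",
    "https://daedaluswallet.io.evil.example/",
    "https://yoroi-wallet.com@evil.example/",
)

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):10} {link}")
```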
Giveaway scams – Nobody will ever double your crypto by you sending them an amount to get double back. If there is ever a real giveaway then you don’t need to send anything first. Videos on YouTube showing Charles Hoskinson and other high profile people in crypto giving away free crypto are all fake.
Fake Wallets – As mentioned above only ever get the wallet download links from official sites. Fake wallets will appear on the app stores from time to time so just report them to save others.
Telegram – When you join some crypto groups you will get messages straight away from scammers trying to get your crypto. They can be in the form of people saying they are admins or support in the group. Don’t even waste your time with them, as admins will generally never message you first.
YouTube Comments – I see it in my videos all the time: scammers with copies of my account commenting, telling people to contact them on WhatsApp or recommending fund managers. No Crypto YouTuber will ever give out numbers like this or recommend “fund managers”. Example below showing what the scam comments look like; you can see with real comments the channel owner's name has a dark background.
I hope this post and the video at the start are a help and save people losing their hard earned crypto. Below is a bullet point summary.
- Keep your devices up to date with all software and antivirus
- Always double check website URLs
- Double check addresses you are sending to
- Giveaways are generally scams and nobody will give away crypto for free
- Use 2FA on all sites that you can
- Use multiple emails
- Use hardware wallets wherever possible
- Don’t store crypto on exchanges
This post will evolve over time and I will add more tips to it, so make sure you bookmark it and also please SHARE to help others.