9 essential tips to secure your cryptocurrency
You have to ask yourself one question. Do I own my money?
Well, do you?
If it’s fiat money and you’ve got it in your pocket, then yes. Until you spend it, or a pickpocket gets it, it’s yours. If it’s fiat money and it’s in a bank, then no, not really. The bank could be closed for the weekend, or go belly-up, or fail to operate due to some computer malfunction.
If it’s cryptocurrency, things get really complicated. Although cryptocurrency is said to be decentralized, that’s rather a misnomer. It’s the transactions and crypto creation and storage that are (or can be) decentralized, but you still get to “own” cryptocurrency, or rather a key to certain blocks on the blockchain. And once you do own crypto, you have to store the data somewhere safe.
As with fiat money, or nuts and berries, or cows, or bars of gold – once you own something, you become a potential target for anyone who wants whatever you own. The more sophisticated the asset, the more sophisticated the theft. If you own nuts and berries, expect a cosh. If you own crypto, always, always be prepared for all sorts of hacks, scams and random acts of malice.
There are a few essential rules for securing your crypto. It may seem like a hassle, but it’s worth it; if Mt. Gox, DAO or NiceHash ring any bells, you know nasty things happen. A lot. Better, then, to take a few extra steps and make sure you actually still own the money you think you do.
1. Use cold storage for most digital assets.
We will come back to this essential point. Crypto is best stored cold: either in a hardware wallet (a USB-like device), or on a terminal that is not connected to the internet except when you move money to/from it. Don’t surf the web on these devices, and only keep them online for very short amounts of time.
Hardware wallets are the safest way to store crypto, not just security-wise, but also for recoverability. When you activate the wallet, you receive a set of seed words that you can use to restore access in case the hardware breaks down. This means you could lose nothing, ever. Trezor and Ledger Nano S are the most respectable hardware wallets out there at the moment. They are also not cheap.
2. Keep only small amounts in software wallets.
Software wallets are the most comfortable option; easier to use in every way, they range from the desktop variety – self-explanatory, really – to the online wallets that are really, in most ways, a pretty bad idea, since you are storing your key online. In between the two, however, is the cushy option of the mobile wallet.
Everyone should have one, really, since mobile wallets are what allow for quick transfers. They are, however, not so secure – plus, some are quite cumbersome, requiring you to download the entire blockchain. Still: pick one and store small amounts, just about as much as you’re prepared to lose in case of an attack. Don’t forget to choose a wallet that supports your cryptocurrency.
3. Store (almost) nothing on exchanges.
That’s all there is to say, really. It’s not very likely you’ll store nothing at all, especially if you do any trading and need your crypto at the ready. But you will have to resign yourself to the idea that everything you keep on an exchange is very, very vulnerable. Mt. Gox, Bitstamp, Bitfinex and CoinSecure are just a few of the many exchanges that got hacked over the past 5 years. It’s painfully logical: criminals will be drawn to where the money is, and exchanges are the giant honey pot. Almost $800 million got stolen in 2018 so far.
4. Use two-factor authentication everywhere.
That’s a rule of thumb for everything. 2FA, two-factor authentication, is a set of supplementary measures that verify the identity of online users by combining two of three potential identifiers: something you know (a password or answer to a secret question), something you are (biometrics that check irises or fingerprints), or something you own (e.g. authenticating your computer access through a mobile phone key or token). Everything you do online, including getting access to your email, bank account or crypto wallet, should go through 2FA.
5. Always, always use long, random passwords.
It used to be so much easier to just have a master password for everything. After all, who’d guess “November2009!”, whether for your social media account, your email, your bank account or whatever else? It wasn’t safe in November 2009, and it’s not safe now. Use a random password generator from a dedicated service like Authy, LastPass, Google Authenticator etc.
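Why “November2009!” is weak and a generated password is not, as an added example that is not part of the original article: it draws a password from the operating system’s secure random source and compares its guessing space with the month-plus-year pattern. The 16-character minimum and the pattern-size figures are assumptions.

```python
import math
import re
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
MONTHS = ("january|february|march|april|may|june|july|august|"
          "september|october|november|december")
# Month name + four-digit year + optional trailing symbols, e.g. "November2009!".
PREDICTABLE = re.compile(rf"^(?:{MONTHS})(?:19|20)\d\d[^a-z0-9]*$", re.IGNORECASE)


def generate(length: int = 20) -> str:
    """Draw every character independently from the OS secure random source."""
    if length < 16:  # assumed minimum for this example
        raise ValueError("use at least 16 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def is_predictable(password: str) -> bool:
    """True when the password follows the month+year pattern."""
    return PREDICTABLE.match(password) is not None


def pattern_bits(years: int = 100, suffixes: int = 33) -> float:
    """Rough size of the month+year+symbol space: 12 months, a span of years,
    and one of 32 punctuation marks or none. Both defaults are assumptions."""
    return math.log2(12 * years * suffixes)


if __name__ == "__main__":
    print("November2009! predictable:", is_predictable("November2009!"))
    print(f"pattern space: about {pattern_bits():.0f} bits")
    print(f"20 random characters: about {random_bits(20):.0f} bits")
    print("generated:", generate())
```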
6. Beware of links in unsolicited email.
Phishing remains a top scamming method. Whether users are drawn in by apparently irresistible offers or by mirror websites that reel them into an apparently familiar platform, the point is to bypass vigilance and get your credentials – and then your money.
More than half of the phishing attacks in 2018 so far have targeted payment platforms and financial institutions. Guess why. As with exchange hackers, scammers go where the money is. With crypto, which has not perhaps had time to develop good user practices, it’s sometimes enough to send emails announcing air drops, bounties, spectacular deals or such. A mirror website will then collect your login credentials, and you can kiss your crypto goodbye, for it’s never, ever coming back.
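A check you can run on a link before you click it, as an added example that is not part of the original article: it compares the link’s host with the sites you actually use and flags near-copies of the kind a mirror website relies on. The allowlist, the similarity threshold and the sample links are hypothetical.

```python
import difflib
import unicodedata
from urllib.parse import urlsplit

# Hypothetical allowlist: the exact sites you hold accounts with.
TRUSTED = ("exchange.example", "wallet.example")
DIGIT_SWAPS = str.maketrans("0135", "oles")  # 0->o, 1->l, 3->e, 5->s


def skeleton(text: str) -> str:
    """Lower-case, strip accents and undo digit-for-letter swaps."""
    text = unicodedata.normalize("NFKD", text.lower())
    text = "".join(c for c in text if not unicodedata.combining(c))
    return text.translate(DIGIT_SWAPS)


def classify_link(url: str, trusted=TRUSTED, threshold: float = 0.85) -> str:
    """Return 'trusted', 'lookalike', 'unknown' or 'no-host' for a link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "no-host"
    exact = any(host == t or host.endswith("." + t) for t in trusted)
    if exact and parts.username is None:
        return "trusted"
    # Internationalised labels can render as near-copies of a Latin name.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "lookalike"
    folded_netloc, folded_host = skeleton(parts.netloc), skeleton(host)
    for t in trusted:
        # Trusted name hidden in the userinfo or used as a prefix of another domain.
        if t in folded_netloc:
            return "lookalike"
        # One or two characters swapped, dropped or added.
        if difflib.SequenceMatcher(None, folded_host, t).ratio() >= threshold:
            return "lookalike"
    return "unknown"


# Constructed sample links; .example and .test are reserved names.
SAMPLES = ["https://exchange.example/login",
           "https://exchanqe.example/airdrop",
           "https://exchange.example.account-verify.test/",
           "https://news.test/article"]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```

A “lookalike” or “unknown” result means you type the address yourself or use a bookmark instead of following the link.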
7. Back up your data.
Is there anybody in this day and age who doesn’t? If you’ve got any data that you care about – the family photos, last month’s budget, that video you took at your cousin’s wedding or your crypto data – you need to back it up.
Fortunately, most wallets allow you to back up your wallet data, either directly or through third parties, into files of the type wallet.dat. Now, make sure you store the backup data securely, not together with your live data but on another computer or hard drive. Then encrypt the computer / hard drive. Then lock it in a vault.
Well, maybe not quite so much, but close. Your data needs to be safe, password-protected, preferably encrypted, and for sure in a different physical location than the original. Maybe give your spouse or sibling instructions on how to access the data in case something happens to you.
8. Use a VM for crypto operations.
If you’re really serious about your security, you can up your game to this level and use bare Linux or a virtual machine for all crypto operations. Don’t surf the net as an administrator, have your VM set to guest mode or minimal access levels, and only log in as an admin when you’re running the install. Then just float across the VM.
Add encryption here too, if possible.
9. Use good antivirus software.
Even if you are not at paranoid level yet, or especially if you’re not, you need to run antivirus software. A lot of people may try to tell you it’s useless, and they’re right. But only if they’re talking about the free version. Free versions are usually months out of date, and viruses are quick to change and adapt. So try the full version of BitDefender, for instance, and make sure you stay protected. Of course, healthy online practices help you stay safe, too.
At this point in time, cryptocurrency is quite a bit of work, and not exactly user-friendly if you’re not a techie. On the other hand, it’s a very rewarding field, and you can be crypto-rich if you make the right call at the right time.
Which is why it’s worth following all of these 9 steps to make sure you keep your crypto safe.